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Introduction 


This lab manual has been designed as a comprehensive reference manual for 
Windows server 2012 configuration. This is a supplement to the MCSE (Server 
Infrastructure) course taught by Zoom Technologies. 

All five modules of the MCSE certification course have been covered. We have 
taken great care to ensure that each configuration exercise is clearly and lucidly 
explained to the student, so that it is easy for the student to perform that task. 
Screenshots have been used extensively, for every step in the configuration. 

This lab manual will lead the student from the basics of Windows Server 2012 
installation, Active Directory configuration, right up to hosting secure websites on 
IIS and the related DNS configuration. Other network services like DHCP, FTP, 
etc. have also been included to give the student a complete administration manual 
which would be useful not only during the training, but also in the daily course of a 
system administrator's job. 

We have divided each exercise into the followings sections for ease of 
understanding: 

1. Objective 

2. Topology 

3. Pre-requisites 

4. Configuration 

5. Verification. 

A lot of effort has gone into the production of this lab manual, which we hope will 
benefit the serious student. We welcome feedback and suggestions from all users 
of this manual, so that it can be further improved. 
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Lab - 1: Installing Windows Server 2012 Operating System 


Objective: 

To Install Windows Sever 2012 Operating System in a Computer. 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer and Windows Server 2012 Operating System DVD. 
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Steps: 


1. Restart the System and go to BIOS. 


2. Set the First Boot Device as DVD ROM. 


i — 


fla in flduauced Power 


PhoenlxBlUS Set up Utility 
Bout 



♦Hard Drive 
♦Removable Devices 
Network bait Tran AND An?9C97Dfl 


Item Specific Help 


Keys used to view or 
configure devices: 
<Enter> expands or 
collapses devices with 
a ♦ or - 

<Ctrl + Enter> expands 
all 

<Sh i ft * 1> enables or 
disables a device. 

<♦> and <-> woves the 
device up or down. 

<n> Hay Moue removable 
device between Hard 
Disk or Removable Disk 
<d> Khuiiuh a device 
that is not installed. 



Help 

Exit 


Select I ten 
Select Nnrai 


Change Ua lues 
Select ► Suh fin hi 


Setup Defaults 
Save and Exit 


3. Save the settings by Pressing F10 and click YES. 


4. Insert Windows Server 2012 DVD and Restart the system. 
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5. Press any key to boot from the CD or DVD. 


Press any key to boot from CD or DVD 


6. System copies the files from DVD. 


Loading files... 
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7. Select the language to install English. 
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9. Select the edition Windows Server 2012Standard (Server with a GUI), click Next. 



10. Check the box I accept the license termsand click Next. 
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11. Select Custom Installation. 



12. Click Drive options. 
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13. Select Unallocated Space and click New. 



14. Enter the size for the partition, and click Apply. 
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15. Select the Partition and click Next. 



16. Windows Installation will start. 
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17. System Restarts. 



18. Completes the Installation, and system will be restarted. 



Getting devices ready 100% 
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19. Enter Password and Re-enter Password for Administrator account, click Finish. 


Settings 

Type a password for the built-in administrator account that you can use to sign in to this computer. 
User name | Adn .1 strata* 

Password 

Keentei password 



20. Enter Password and Logon using the Administrator account. 


© 


Administrator 




& 

|| Windows Server 2012 
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21. Finally Administrator has logged in. 


Administra 

tor 

Q 

Computer 

Network 


V 

Recycle 

Sin 



Control 

Panel 


88 Windows Server 2012 
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Lab - 2: Installing Windows client Operating System 


Objective: 

To Install Windows Client Operating System in a Computer 

Pre-requisites: 

Before working on this lab, you must have 
• A Computer and Windows 7 Operating System DVD. 
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Steps: 


1. Restart the System and go to BIOS. 


2. Set the First Boot Device as DVD ROM. 


i — 


fla in flduauced Power 


PhoenlxBlUS Set up Utility 
Bout 



♦Hard Drive 
♦Removable Devices 
Network bait Tran AND An?9C97Dfl 


Item Specific Help 


Keys used to view or 
configure devices: 
<Enter> expands or 
collapses devices with 
a ♦ or - 

<Ctrl + Enter> expands 
all 

<Sh i ft * 1> enables or 
disables a device. 

<♦> and <-> woves the 
device up or down. 

<n> Hay Moue removable 
device between Hard 
Disk or Removable Disk 
<d> Khuiiuh a device 
that is not installed. 



Help 

Exit 


Select I ten 
Select Nnrai 


Change Ua lues 
Select ► Suh fin hi 


Setup Defaults 
Save and Exit 


3. Save the settings by Pressing F10 and click YES. 


4. Insert Windows 7DVD and Restart the system. 
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5. Press any key to boot from the CD or DVD. 


Press any key to boot from CD or DVD 


6. System copies the files from DVD. 


windows is loading files... 
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7. Select the language to install English and click Next. 
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9. Check the box I accept the license terms 



10. Select Custom Installation. 
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11. Click Drive options. 



12. Select Unallocated Space and click New. 
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13. Enter the size for the partition, and click Apply. 



Collecting information 


Installing Windows 


14. Select the Partition and click Next. 
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15. Windows Installation will start. 
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17. Completes the Installation, and system will be restarted. 



18. Enter the User Name and Computer Name, click Next. 
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19. Set a password for the account, and click Next. 



20. Configure Automatic Updates Ask me later. 



21. Select the Time zone and click Next. 
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22. Select the location of your computer Work. 
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24. Enter the Password to log on to the computer. 



25. Finally Operating System is installed and the User has logged in. 
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Lab - 3: Creating Local User Accounts 


Objective: 

To create local user accounts in a Computer 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer running with windows server 2012 or windows 7. 
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Steps: 

1. Login as the Administrator to the Computer. 

2. Press Windows Key to go to Start, type Computer Management in Search Apps, and 

select Computer Management. 



3. Expand Computer Management Expand System Tools -^ExpandLocal Users and Groups 

-> right click Users and then click New User. 


Computet Management 


L=±®J 


File Action View Help 

«■*! 23 El a ^ DEI 


St Computer Management (Local) 
a li System Tools 
l O Task Scheduler 
► B Event Viewer 
v at Shared folders 
j > local Users and Groups 


Name 

*■ Administr... 

fe Guest 


Full Name Description 

Built-in account (or admini.. 
Buiit-in account lor guesl a.. 



New User. 

i > Perform 

View 

» 

A Device 

Refresh 


•* S Storage 

Export Ust_ 


► ^ Windov 

Help 



Disk Management 
fr bi Services and Applications 


Actions 

Users 


More Actions 


Creates a new Local User account 
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4. Enter User Name and set Password, Confirm Password and click Create. 


New User 

Username 
Full name: 

Description: 

Password: 

Qorfirm password 

@ User must change password at next logon 

0 User cannot change password 
0 Password never expires 

0 Account is disabled 


Help 


Create 

Close 


5. Click Close, and then Close Computer Management. 




Verification: 

1. Press Ctrl + Alt + Del ->Click Switch User or Logoff Administrator. 

2. Login as User (Userl) on same computer. 


Start 



userl ^ 

@=y 

V 

ft 



Window 

AdrnirMOratoe 


Server Manager 

PowerShell 

Took 


Q 

m 


Computer 

Ta± Manager 


P 

0 


Control Panel 

Internet Explorer 


Desktop 
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Lab - 4: Converting Windows Server 2012 GUI to Core 


Objective: 

To convert windows server 2012 gui to core 

Pre-requisites: 

Before working on this lab, you must have 
• A Computer running with windows server 2012. 
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Steps: 

1. Login to Computer as Administrator 



Windows Server 2012 
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3. Type the following command 

Uninstall-WindowsFeature Server-GUI-Mgmt-Infra, Server-GUI-Shell -Restart 



4. The conversion starts and the computer restarts. 



5. Login as Administrator and finally GUI is now converted to Server Core. 
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Lab - 5: Converting Windows Server 2012 Core to GUI 


Objective: 

To convert windows server 2012 core to gui 

Pre-requisites: 

Before working on this lab, you must have 
• A Computer running with windows server 2012. 
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Steps: 


1. Login to Computer as Administrator 



Windows Server 2012 


2. In Command Prompt, type PowerShell. 


Administrator C:\Wmdows\system32\cmd.exe 


lcrosoft Windows tilers ion 6.2.9200] 

<c> 2012 Microsoft Corporation. All rights reserved. 

C:\Jsers\Admin istrator>Powersliell 
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3. In Power Shell type the following command to convert Core to GUI. 


Install-Windows Feature Server-GUI-Mgmt-Infra, Server-GUI-Shell -Restart 


Administrator: Windows PowerShell 


lcrosoft Winnows [Version 6. 2. 9200] 

Cc) 2012 flicrosoft Corporation, (til rights reserved. 

' : \Us ers\fl dnin ist r at o r >Po uershe 11 
Jindows PowerShell 

Copyright CC) 2012 Nicrosoft Corporation, fill rights reserved. 


C:\Users\Adninistrator> lnstall UindowsFeature Server-Gui-Hgmt-Infra, Server-Gui-Shell -Restart,. 


4. It installs the required GUI features and restarts 


5. Login as Administrator and finally Core is now converted to GUI. 


R 

Administ. 

Q 

Computer 

Network 


Recycle 

Btn 



Control 

Parrel 


I" Windows Server 2012 


5*rvtr Manager 

CS (S3 Sn '■£> 
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Lab - 6: Installing Active Directory Domain Controller 


Objective: 

To Install Active Directory Domain Services for promoting a new Domain Controller 

Pre-requisites: 

Before working on this lab, you must have 
• A Computer with Windows Server 2012 Operating System. 

Topology: 



SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Assigning IP Address 

1. Click Server Manager. 



2. In Server Manager Dashboard, Click Configure this local server. 


IL 

Server Manager 

-14 


Server Manager » Dashboard 

* (§) 1 r Manage loots View Help 


13 Dashboard 


i Local Server 
li All Servers 

■i File and Storage Services l> 


WELCOME TO SERVER MANAGER 


QJtCX START 

Configure this local server 


WHAT'S NEW 

2 Add roles and features 

3 Add other servers to manage 

4 Create a server group 




LEARN MORE 


Hide 


ROUS AND SERVER GROUPS 

Roles: 1 | Server groups: 1 I Servers total 1 


a_ File and Storage 

Services 

i Local Server 1 

(t) Manageability 

(t) Manageability 

Events 

Events 

Performance 

Services 

CPA results 

Performance 


EP A results 
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3. In Local Server, select Ethernet IPv4 address assigned by DHCP. 


tm 


Server Manager 


- I « I * 


Server Manager ► Local Server 


(5) | ^ Manage lods 



1 PROPERTIES 



IB Dashboard 

S forsysl 


TASKS - 

|i All Servers 

■S File and Storage Services > 

Computer name 
Workgroup 

sysl 

WORKGROUP 

Last installed updates 
Windows Update 

Last checked for updates 


Windows Firewall 

Public On 

Windows Error Reporting 


Remote management 

Enabled 

Customei Experience Impro 


Remote Desktop 

Disabled 

IE Fnhanced Security Config 


NIC Teaming 

Disabled 

Time zone 


Ethernet 

IPv4 address assicned bv DHCP. IPv6 enabled 

Product ID 


Opeiatmg system version 

Microsoft Windows Server 2012 Standard Evaluation 

Processors 


Hardware information 

System manufacturer System Product Name 

Installed memory CRAM) 
Total disk space 


< [ 

■ 

> 


!» 


EVENTS 


AH events 1 6/ total 



TASKS ~ 

Filter 

p (3) ▼ @ ▼ 


V 


4. Right click Ethernet, select Properties. 


( 


Network Connections 


^oj | 

t 

£ ► Control Panel ► All Control Panel Items ► Network Connections ► 

v 6 

Search Network Conner P 



Organize » Disable this network device Diagnose this connection Rename this connect on Vie* status of this connect on >* jjl w T H 


■- Ethernet 

. Unrdentrfied network 

^ NVIDIA nF< 

V 

Disable 



Status 



Diagnose 



Bridge Connections 



Create Shortcut 



Delete 


• 

Rename 


|« 

Properties 


1 iUm 1 


P £ 


5. Select Internet Protocol Version 6 (TCP/IPv6) and uncheck the box. 
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6. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. 



7. Select Use the following IP address and enter the IP address and click Subnet mask, it will be 
entered automatically and select Use the DNS Server addresses and enter the Preferred DNS 
Server address 



8. Click OK, and OK. 
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Installing Active Directory Domain Services 

1. Log in as Administrator to the Workgroup Computer. 

2. Assign IP Address and preferred DNS Server Address. 

3. Click Server Manager 


4. 


It 

Alhr»nrvl_ 



*3 

* 

Domain Controller 

Slftwcwfc 

Host Name : 

SYS1 

0 

ftKyUc 

fen 

IP Address : 

10.0.0.1 

m 

DNS Server : 

10.0.0.1 

Control 

P* nr* 

User Name : 

1 

Administrator 

Windows Server 2012 


tf ^ 

k 10 


In Server Manager Dashboard, Click Add roles and features. 


fL 

Server Mdnayer — ^ 

X 

«« Dashboard 

• (£) | Manage lools View 

HHp 


IK Dashboard 


WELCOME TO SERVER MANAGER 


I Local Server 
li All Servers 

iS File and Storage Services > 



Configure this local server 

QUICK STAR! 



2 Add roles and features 


3 Add other servers to manage 

WHAT'S NEW 



4 Create a server group 


Hide 

LEARN MORE 



ROLES AND SERVER GROUPS 

Roles: 1 | Server groups: 1 | Servers total: 1 


File and Storaqe 

■i 1 


| Local Server 1 

Services 



(t) Manageability 


© Manageability 
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5. In before you begin page, click Next. 


Add Roles and Features Wizard 


- ■. 


Before you begin 


DESTINATION SERVER 
sysl 


Before Vbu 


Instzlzoor Type 
Server Setectioc 

Before you continue, verify that the following tasks have been completed: 

• The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the wizard, complete the 
steps, and then run the wizard again. 

To continue, dick Next. 


This wizara helps you install roles role services, or features. Vou determine which roles, role services, or 
features to install based on the computing needs of your organization, such as sharing documents, or hosting 
a website. 


To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


I Skip this page by default 


< Previous 



Install 


Cancel 


6. In Select installation type, select Role-based or feature-based installation, click Next. 


Add Roles and Features Wizard — S | X 


Select installation type 


DESTINATION SERVER 
sysl 


Before >bu Begir 


Installation Type 


Server Selection 


Select the installation type You can install roles and features on a running physical computer of virtual 
machine, or on an offline virtual hard disk CVHD). 

• Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features, 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual machine based or 
session- based desktop deployment. 


< Previous | | Next > f 


Cancel 
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7. In Select destination server, from Server Pool select SYS1, click Next. 


Add Roles and Features Wizard 


-OX 


Select destination server 


DESTINATION SERVER 
sysl 


Before Mju Begir 
Installation ~ype 


Server Selection 


Server Roles 
Feet-ires 


Select a server or a virtual hard disk on which to install roles and features. 

Select a server from the server pool 
O Select a virtual hard disk 

Server Pool 




1 

Filter: 

11 




Name 

IP Address 

Operating System 

sysl 

10.0.0.1 

Microsoft Windows Server 2012 Standard Evaluation 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and lhat have been added by using the Add 
Servers command in Server Manager. Offline servers and newly added servers from which data collection is 
still incomplete are not shown. 


| < Previous | [" Next Install i | Cancel 

8. In Roles, check the box Active Directory Domain Services. 


h, 


Add Roles and Features Wizard 


- 3 


X 


Select server roles 


DESTINATION SERVER 
sysl 


Before Vbu Begir 
Installation T ype 


Select one or more roles to install on the selected server. 

Roles Description 


Server Selection 


Server Roles 


Features 


I Active Directory Certificate Services 

n B mB BB nmHBaB 

I I Active Directory FederaOcn Services 

□ Active Directory Lightweight Directory Services 
I Active Directory Rights Management Services 

I Application Server 

□ DHCP Server 
DNS Server 

I I Fax Server 

t> [■] File And Storage Services (Installed) 

□ Hyper-V 

□ Network Policy and Access Services 
ID Print and Document Services 

I I Remote Access 

□ Remote Desktop Services 

□ Volume Aciivation Services 


Active Directory Domain Services (AD 

DS) stores information about objects 
on the network and makes this 
information available to users and 
network administrators AD DS uses 
domain controllers to give network 
users access to permitted resources 
anywhere on the network through a 
single logon process. 


< Previous 


Next > 


Install | Cancel 
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9. Click Add Features, to install the required features for Active Directory Domain Services. Click 

Next. 


Add Roles and Features Wizard 



Add features that are required for Active Directory 
Domain Services? 


You cannot install Active Directory Domain Services unless the 
following role services or features are also installed 

[Tools] Group Policy Management 
a Remote Server Administration Tools 
a Role Administration Tools 
a AD DS and AD LDS Tools 

Active Directoty module fot Windows PowerShell 
a AD DS Tools 

[Tools] Active Directory Administrative Center 
[Tools] AD DS Snap Ins and Command-Line Tools 

@ Include management tools (il applicable) 


Add Fealuies 


Cancel 


10. In Select features wizard, click Next. 




Add Roles and Features Wizard 


- * X 


Select features 


DESTINATION SERVER 
sysl 


Before You Begir 
Insta at) or Type 
Server Se error 
Server Roles 


Features 


ADD5 

Confirmation 


Select one or more features to install on the selected server. 

Features 

h □ .NET Framework 3.5 Features 
h «| .NET Framework 4 5 Features (Installed) 

t Q Background Intelligent Transfer Service (BITS) 

I I BitLocker Drive Encryption 
I I BitLocker Network Unlock 
0 BranchCache 
|~1 Client for NFS 
0 Data Center Bridging 

0 Enhanced Storage 

1 I Failover Clustering 


irotip Policy Managcmem 


0 Ink and Handwriting Services 

1 I Internet Printing Client 

0 IP Address Management (IPAM) Sewer 

1 I iSNS Server service 

I— | . m . . V 

< I "I 1 >1 


Description 

Group Policy Management is a 

scriptable Microsoft Management 
Console (MMC) snap-in, providing a 
single administrative tool fot managing 
Gioup Policy across the enterprise. 
Group Policy Management is the 
standard tool for managing Group 
Policy. 


< Previous 


Next » 


Install 


Cancel 
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11. In Active Directory Domain Services wizard, click Next. 


Add Roles and Features Wizard 


- □ X 


Active Directory Domain Services 


DESTINATION SERVER 
sysl 


Be 'ore Man fre^ir 
Insta labor Type 
Server Seecacr 


Active Directory Domain Services (AD DS) stores information about users, computers, ano other devices on the 
networ It. AD DS helps administrators securely manage this information and facilitates resource sharing and 
collaboration between users. AD DS is also required for directory enabled applications such as Microsoft 
Exchange Server and for other Windows Server technologies such as Group Policy. 


Server Roles 
Features 


ADDS 


Cor^rmation 


Things to note; 

• To help ensure that users can still log on to the network in the case of a server outage install a minimum of 
two domain controllers for a domain. 

• AD DS requires a DNS server to be installed on the network. If you do not have a DNS server installed, you 
will be prompted to install the DNS Server role on this machine 

• installing AD DS will also install the DFS Namespaces, DFS Replication, ano File Replication services which 
are required by AD DS. 


Learn more about AD DS 


< Previous 


Next > 


Instaii 


Cancel 


12. Check the box Restart the destination server automatically if required. Click Install. 




Add Roles and Features Wizard 


_ a 


x 


Confirm installation selections 


DESTINATION SERVER 
sysl 


To install the following roles, role sendees, or features on selected seiver, dick Install. 

[]] Restart the destination server automatically if required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selected automatically. It you do not want to install these optional features, dick Previous to clear their check 

boxes. 


Confirmation 


Export configuration settings 
Specify an alternate source path 


Active Directory Domain Services 
Group Policy Management 

Remote Server Administration Tools 
Role Administration Tools 
AD DS and AD LDS Tools 

Active Directory module for Windows PowetShell 
AD DS Tools 

Active Directory Administrative Center 
AD DS Snap Ins and Command-Line Tools 


Before >Pu Begir 
Inst « at or ~/pe 
Server Selection 
Server Roles 
Featjres 
AD DS 


| < Previous | 


Install 


Cancel 
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13. Click Promote this server to a domain controller. 




Add Roles and Features Wizard 


□ X 


Installation progress 


DESTINATION SERVER 
sysl 


View installation progress 
Q Feature installation 

Configuration required Installation succeeded on sysl 


Results 


Active Directory Domain Services 

Additional steps are required to make this machine a domain controller. 
Promote this server to a domain controller 

Group Policy Management 
Remote Server Administration Tools 
Role Administration Tools 
AD DS and AD IDS Tools 

Active Directory module for Windows PowetShell 
AD DS Tools 

Active Directory Administrative Center 
AD DS Snap Ins and Command-Line Tools 


You can close this wizard without interrupting running tasks. View task progress or open this page 
O again by clicking Notifications in the command bai, and then Task Details. 

Export configuration settings 


< Previous | | Next > 


Close 


Cancel 


14. In Deployment Configuration wizard, select Add a new forest, enter the Root domain name 
(Ex: Microsoft.com) and click Next. 


•C_J . 

Active Directory Domain Services Configuration Wizard 

- * 

X 

C- - J 


Deployment Configuration 


Deployment Configuration 


Domain Controller Options 
Addiborai Options 
Paths 

Review Options 
Prerequisites Check 


Select the deployment operation 

O Add a domain controller to an existing domain 
O Add a new domain to an existing forest 
® Add a new forest 

Specify the domain information for this operation 
Root domain name: Microsoftcom 


TARGET SERVER 
sysl 


More about deployment configuiations 


< Previous | [ Next > 


Install 


Cancel 
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15. In Domain Controller Options, change Forest and Domain functional level to Windows Server 
2003, and Domain Name System server. Type the Directory Services Restore Mode Password 
and Confirm Password and click Next. 


fL 


Active Directory Domain Services Configuration Wizard 


Domain Controller Options 


TARGCT SERVER 
sysl 


Deployment Configuration 


Domain Controller Options 


DNS options 
Additional Optiors 

Pars 

Review Options 
Prerequisites Check 


Select functional level of the new forest and root domain 

Forest functional level: 

Domain functional level: 

Specify domain controller capabilities 

[✓I Domain Name System (DNS) server 
l/i Global Catalog [GO 

I I Read only domain controller (RODC) 


Windows Server 2003 

▼ 

Windows Server 2003 

■w 


Type the Directory Services Restore Mode (DSRM1 password 
Password: •••••••• 

Confirm password: •••••••• 


More about domain controller options 


< Previous 


Next > 


ristall 


Cancel 


16. On DNS Options page, click Next. 




Active Directory Domain Services Configuration Wizard 


- e 


X 


DNS Options 


TARGET SERVER 
sysl 


^ A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does n... Show more x 


Deployment Configuration 
Dcmair Controller Opto^s 


DNS Options 


Specify DNS delegation options 

Cl Create DNS delegation 


Adc, -era Optic ns 


Paths 


Re. e.v Options 
Prerequisites Check 


Mote about DNS delegation 


< Previous 


Next » 


Install 


Cancel 
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17. Verify the NetBIOS domain name (Ex: MICROSOFT), click Next. 


Active Directory Domain Services Configuration Wizard 


I - »L 


Additional Options 


Deployment Configuration 
Domain Controller Cptons 
DNS Options 


Additional Options 


Faths 

Re. e.v Options 
Prerequisites Cheer 


Verify the NetBIOS name assigned to the domain and change it if necessary 
The NetBIOS domain name: MICROSOFT 


TARGET SERVER 
sysl 


More about addilional options 


< previous 


Next > 


Inst 


Cancel 


18. Verify the location of the AD DS database, log files, and SYSVOL, click Next. 


Active Directory Domain Services Configuration Wizard 


1 =. 


Paths 


TARGET SERVER 
sysl 


Deployment Configuration 
Dcmair Controller Options 
DNS Options 
Addmora Options 


Paths 


Re. e.v Options 
Prerequisites Chec< 


Specify the location of the AD DS database, log files and SYSVOL 


database folder: 
log files folder 
SYSVOL folder 


C:\Windows\NTDS 

C:\Wmdows\NTDS 

C:\Wmdowis\SYSVOL 


Q 

Q 

□ 


More about Active Direcloty paths 


| < Previous | [ Next > ]| Cancel 
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19. Review the Summary and click Next. 



20. Click Install to begin installation. 




Active Directory Domain Services Configuration Wizard 


Prerequisites Check 


TARGET SERVER 
sysl 


0 All prerequisite checks passed successfully. Oick 'Install' to begin installation. 


Show more 


Deployment Configuration 
Domair Controller Options 
DNS Options 
Addibona! Options 


Prerequisites need to be validated before Active Directory Domain Services is installec on this computer 

Rerun prerequisites check 

A yiew results 


Paths 

Review Options 


Prerequisites Check 


A Windows Server 2012 domain controllers have a default for the secunty setting named 'Allow 
cryptography algorithms compatible with Windows NT 4.CT that prevents weaker cryptography 
algorithms when establishing security channel sessions 

For more information about this setting, see Knowledge Base article 942564 (http J/ 
go.miaosoft.coiTVfwIink/’Linkld * 104751) 

A A delegation for this DNS server cannot be created because the authontative parent rone cannot 
be found or if does no! run Windows DNS server. If you are integrating with an existing DNS 
infrastructure, you should manually create a detegati on to this DNS server in the parent zone to 
ensure reliable name resolution from outside the domain "Microscftcom Otherwise, no action is 
required. 

O Prerequisites Check Completed 

© All prerequisite checks passed successfully Click 'Install to begin installation 


A If you dick Install, the server automatically reboots at the end of the promotion operation. 


More about prerequisites 


< Previous 

Next > 


Install 

Cancel 
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Verification: 


1. Click Server Manager. 



2. In Server manager, select Local Server and verify for domain Microsoft.com. 


jL 

Server Manager 


-1° : x 1 


’ Server Manager ► Local Server 


I | ^ Manage Iods View Help 


M Cashboars 


| local Server 


|i All Servers 
i|l ADDS 
£ DNS 

i| File art) Swage Services t> 


! PROPERTIES 

| fowl | TASKS » 


Computer name 

sysl 

Last installed updates 

Domain 

microsoft.com 

Windows Update 



Last checked tor updates 

Windows f i rewall 

Domain: Off 

Windows Error Reporting 

Remote management 

Enabled 

Customer Experience imprc 

Remote Desktop 

Disabled 

IE Enhanced Security Confk 

NIC Teaming 

Disabled 

Time zone 

Ethernet 

10.0.0.1 

Product ID 

Operating system version 

Microsoft Windows Server 2012 Standard Evaluation 

Processors 

Hardware information 

System manufacturer System Product Name 

Installed memory (RAM) 



Total disk space 

±1 

5 . 3 

> 



V 
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3. Go to Start, type event in Search Apps, select Event Viewer. 


Apps 


Results for "eve 1 ' 


a 


Event Viewer 


Search 

Apps 

Qnp App? 

Settings 


i 


Files 


Internet Explorer 


4. Expand Applications and Services Logs, select Directory Service, verify for the Event ids 1394 
and 1000. 

U Event Viewer | — ® X 

File Action View Help 

«•*! ®[h] D|e 
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5. Event 1000 displaying Active Directory Domain Services startup complete. 


Event Properties - Event 1000, ActiveDirectory_DomainService H 

General Details 


Microsoft Active Directory Domain Services startup complete, version 
62.9200.16384 


log Name: Directory Service 

Source: ActiveDirectoryDcma Logged: 8/1/2014 12:37:41 PI 

Event ID: 1000 Task Category Service Control 

Level: Information Keywords: Classic 

User ANONVMOUS LOGON Computer sysl.rmcrosoftcom 

Opcode: Info 


More Informalioa Event Log Online 


1*1 

!♦! 


cobs 


Close 


6. Event 1394 displaying Active Directory Domain Services updated successfully. 
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Lab - 7: Configuring Client (Windows 7) 


Objective: 

To join Clients in Domain 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


workgroup 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 


1. Log in as Administrator to Workgroup Computer. 


2. Right click Computer Icon and click Properties and click Change settings. 




t <=>*«■ IBM 

** r Control Pa nd 

► System and Security » System 

» 1 *f Scant' Centre. p 

Control Panel Home 

iy Davica Manager 

View basic information about your computer 

Windows edition 

• 


•y Ktmrte settings 
•Jf System protection 
\ Advanced system settings 


Window* 7 Professional 

Cop) ngh* C 20(6 Microsoft Corporation. All ngntt reserved. 

Get mote feitu'ts »*ith a new edit - n of Windows 7 




System 

Reting: System rating rs not a. a able 

Processors AMO AthlorHtm) D X2 2*5 Processor 2-91 GHr 

In stalled memory (RAM); I j 00 OB 

System typer 32 -fait Op* rating System 

Pen and Touch: Mo Pen or Touch Input it available for this Display 


Computer name, dom- n and workgroup cattmgc 
Computer name: SVS2 

Ful computer names SVS2 

Computer description 
Workgroup: WORKGROUP 

Windows activation 

J\. 30 days to actrvate Activate Windows now 

Product ID - 00371 177 OOOK61 05614 Chjn S t product k«. 

Act. rr Center 
Windows Update 
Performance Information and 

TOOIS 


3. In the System properties dialog box click Change. 
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4. 


Select the Member of Domain and enter the Domain Name (Ex: Microsoft.com). 



5. Enter the user name Administrator and Password, click OK. 



6. Welcome Message appears indicating that the computer was successful in joining the Domain, 
click OK and OK, It will ask for restart, click Restart Now. 



7. After restarting the computer, it will become Client. 

Verification: 

1. Right click Computer Icon Properties. 

2. Click Computer Name, domain, and workgroup settings and verify for the Domain 

NameMICROSOFT.COM. 
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Lab - 8: Configuring Member server 


Objective: 

To join Member Servers in Domain 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


workgroup 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log in as Administrator to Workgroup Computer. 

2. Click Server Manager 


hammm- 




Windows Server 2012 




3. In Server Manager Dashboard, Click Configure this local server 


tL Server Manager 


- l a I x 1 

Server Manager * Dashboard 


) I T Manage loots View Help 


fS Dashboard 


I Local Server 
li Ail Servers 

ii Fil# and Storage Services > 


WELCOME TO SERVER MANAGER 


QUICK START 

Configure this local server 


IAf HATS NEW 

2 Add roles and features 

3 Add other servers to manage 

4 Create a server group 




UARNMOfif 


Hidf 


ROLES AND SERVER GROUPS 

Roles: 1 | Server groups: 1 | Servers total 1 1 


File and Storage ^ 

* Services 


I Local Server 1 

(t) Manageability 


(t) Manageability 

Events 


Events 

Performance 


Services 

BPA results 


Performance 



BPA results 
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4. In Local Server, select WORKGROUP. 


SL Server Manager 

_!□!* I 

(<“) ” Server Manager * Local Server 

* © | Y Manage look ¥iew Help 


!■ Dashboard 


| local Server 


|i All Servers 

i| file and Storage Services t> 


S PROPERTIES 

9 forSVS2 


T AS ICS w 

Computer name 

SYS2 

Last installed updates 

Workgroup 

•Workgroup 

Windows Update 

Last checked for updates 

Windows Firewall 

Public Off 

Windows Error Reporting 

Remote management 

Enabled 

Customer Expenence Impto 

Remote Desktop 

Disabled 

IE Enhanced Security Confic 

NIC Teaming 

Disabled 

Time zone 

Ethernet 

10.0.0.2 

Product ID 

Ethernet 2 

Disabled 


Operating system version 

Microsoft Windows Server 2012 Standard Evaluation 

Processors 

Hardware information 

System manufacturer System Product Name 

Installed memory (RAM) 
Total disk space 


5. In the System properties dialog box click Change. 
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6. Select Member of DOMAIN and enter the Domain Name.(Ex:Microsoft.com) 



7. Enter the user name Administrator and Password. Click OK. 



8. Welcome Message appears indicating that the computer was successful in joining the Domain, 
click OK. 



9. Click OK -> click OK, and click Close to close the System Properties dialog box. It will ask for 
restart, click Yes. 

10. After restarting the computer it will become Member Server. 

Verification: 

1. Go to Server Manager, select Local Server. 

2. Verify for the Domain MICROSOFT.COM. 
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Lab - 9: Creating Domain User Accounts 


Objective: 

To create Domain Users in Active directory Domain controller 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log in as Administrator to the Domain Controller. 

2. Press Windows Key to go to Start, select Active Directory User and Computers. 


3. 


Start 


m 

LCzI] 

T 

Clll 

Server 1 Amtgii 

Widows 

Admirnbalive 

Tools 


m 


Computer 

IsU. \UnKjer 


W 

0 


ConfroJ ParvH 

Internet fxpiorrr 


Desktop 




Administrator £ 



T 

Active D rectory 
t>:<rsand ... 

Attrve [> r«tory 
Module tor.. 

if 

M 

Aclrve [> rectory 

Sites and... 

Actrve l> rectory 
Domains and... 


n 

Active Di rectory 
Administrative 

ADSI rdit 

w 

• 

jAl 

Group Pokey 
Mvnagetnenl 

DNS 


In the console tree, expand your domain MICROSOFT.COM, and then right click Users 


Container, select New User. 


Active Directory Users and Computers 



X 


File Action View Help 


«•*! a si| * □ xiBi 

□ T=3 

tktrak 

□ Active Directory Users and Computers [sys 

Name Type 

Description 

\> ill Saved Queries 


Administr... User 

Built-in account for ... 

‘ & Microsoft.com 


Al lowed ... Security Gr... 

Members in this gr.. 

ir ij Builtm 


fltCert Publi.. Security Gr... 

Members ol this gr_ 

l- u Computers 
i- 3. Domain Controllers 


♦.Cloneable. Security Gr 

Members ol this gr 

I* T. ForeignSecuntyPnncipals 


^Denied R... Security Gr.. 

Members in this gr.. 

i Managed Service Accounts 


iftDnsAdmins Security Gr... 

DNS Administrator. 

2 Users 


SLDnsUpdat.. Security Gr. 

DNS clients who ar_ 

Delegate Control. 


% Domain A... Security Gr. 

Designated admini... 

Find. 


* Domain C_ Security Gr.. 

All workstations an 

New 

» 

Computer 

II domain control!.. 

All Tasks 

» 

Contact 

II domain guests 

View 

Refresh 

Export List . 

» 

Group 

inetOrgPerson 

msImaging-PSPs 

MSMQ Queue Allas 

II domain users 

esignated admini.. 
lembersol this gr_ 
lembers in this gr.. 

Properties 



Printer 

uilt-in account for ... 

Help 


User 

[ervers in this grou... 



Shared Folder 

lembers of this gr_ 



M. Schema A... Security Gr 

Designated admini... 



IftWinRMRe Security Gr 

Members o( thisgr.. 

< | III 

1 > 1 




Create a new object... 
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4. Specify the First name and User Logon name and then click Next. 



5. Enter the Password and Confirm Password for the User account, click Next. 



6. Review the configuration settings for the User Account and then click Finish. 


Verification: 

1. Login as User (Userl@Microsoft.com) in Member Server or Client. 


Start 


userl 

Servct Manager 

r 

WirnkMn 

PowrtStell 

tih 

AdmkMMiM 

look 


m 


Computer 

T wJk Vwm-jw 


IF 

Contod Panel 

m 

Inlrmn Ej pAcxer 


D«*top 
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Lab - 10: Changing Default Password Policy 


Objective: 

To change default password policies 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log in as Administrator to the Domain Controller. 

2. Press Windows Key to go to Start, select Group Policy Management. 


Start 




Administrator ^ 

■ 

lCzD 

T 

Cl 



T 


Server fcW^r 

Wridfw 

PovretS»V?ll 

AdmirntMlive 

Tools 


Aflweftrtrtoiy 

Ifecvsand... 

Active f> rectory 
Module lor-- 


Q 

* 


rf 

M 


Computer 

1*0. Menage* 


Active Directory 

Sites and... 

Active Drectory 
D^maim and... 


I* 

0 


■ 

n 


Control PsrvH 

Internet fxplorrr 


Active Directory 
Adminictrotive 

ADSI Tdit 





w 

* 

jAl 


Desktop 



Group Pofccy 
Management 

ONS 








3. Expand Forest-^ Expand Domains Expand Microsoft.com -fright click Default Domain 
policy and select Edit. 


Group Policy Management 


_ of 


a File Action View Window Help 

M @ X o | H EB 

& Group Policy Management 
* Forest Microsoftcom 
• & Domains 

* S 3 Microsoft.com 


. Default Domain Policy 
t- aj Do 


V l'i Grc 

>■ m 

I- 3 Sta 
i> « Sites 
*? Group P< 
% Group P< 


Default Domain Policy 

: ; " L -’.a Is ier.ings Delegation 

Links 

Display links in Si la loess on 


Microsoftcom 


Edit. 


ites domains, and OUs aie linked to this GPO 


Enforced 
| V ] Link Enabled 
Save Report. 

View 

New Window from Here 
Delete 
Rename 
Refresh 
Help 


fcntoiceo 

No 


Link Enabled 
Yes 


Path 

Micro soil com 


liny 

Ihis GPO can only apply to Ihe following groups users, and computeis. 


Jt ed Users 



Add.. 

Remove Propeites 



WMI I liter inq 

This GP 0 is linked to the foil owing WMI filter 


*none> 


Open 


Open the GPO editor 
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4. Expand Computer Configuration -^Expand Policies-^ Expand Windows Settings-^ Expand 
Security Settings -^Expand Account Policies ->Open Password Policy. 



Group Policy Management Editor 

_ 0| X | 

File Action View Help 

aim] x,t B t 




Default Domain Polity ISYS1.MICROSOfT.COM! P ~ 
* Computer Configuration 
4 B3 Polides 

k -t Software Settings 
4 f Windows Settings 

l> A Name Resolution Policy 
£3 Scnpts (Startup/Shutdown) 

4 aft Security Settings 
4 Account Policies 
v ji Password Policy 
k 3i Account Lockout Policy 
l- jS Kerbetos Policy 
V a Local Policies 
k j Event Log 
l 4 Restricted Groups 
i- 4 System Services 
I 1 Registry 
I- .4 file System 

k 2 i Wired Network (IEEE 802.3) Policie 
t J Windows Firewall with Advanced S 
J3 Network List Manager Polides 
f H Wireless Network (IEEE 802 11) Pol 
I- 3 Public Key Policies 
t 2 Software Restriction Policies 
l J Network Access Protection 
l- 13 Application Control Polides v 

<r i ~~>i 


Policy * 

Enforce password history 

Maximum password age 

Minimum password age 

Minimum password length 

Password must meet complexity requirements 

Store passwords using reversible encryption 


Policy Setting 

24 passwords remember.. 

42 days 

1 days 

7 characters 

Enabled 

Disabled 


5. Double click Minimum Password Length. 


Q 

Group Policy Management Editor 

1 

Q 

X 

£ile Action View Help 

«•* ifo] KD =» B a 




Default Domain Policy ISYS1.MICROSOET.COM! P - 
4 A- Computer Configuration 
4 H Policies 

k S3 Software Settings 
4 J Wndows Settings 

i- d Name Resolution Policy 
J Scnpts (Startup/Shutdown) 

4 & Security Settings 
4 JS Account Policies 
k Ji Password Policy 
i. £ Account Lockout Policy 
i> ji Kerberos Policy 
f J Local Policies 
k l| Event Log 
k Ji Restricted Groups 
k Ji System Services 
k Ji Registry 
k 4 Pile System 

k £,i Wired Network (IEEE 802 3) Policie 
k i ' Windows Eirewall with Advanced S 
2 Network. List Manager Policies 
k Mf Wireless Network (IEEE 80211) Pol 
k 2 Public Key Policies 
k IK Software Restriction Polides 
k IK Network Access Protection 
k IM Application Control Policies s 

< I m > 


Policy 

, Enforce password hrstory 
Maximum password age 
Minimum password age 

I '10 

Password must meet complexity requirements 
Store passwords using reversible encryption 


Policy Setting 
24 passwords remember- 
42 days 
1 days 


Enabled 

Disabled 
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6. Change the length value from (7 to 0) and click Apply and OK. 


Minimum password length Properties 

Security Policy Setting E"*'" ! 

Mirim jit password length 

(v Define this policy sotting 
No password requued 
0 v characters 



7. 


OK 


Cancel 


Apply 


Double click Password must meet complexity Requirements. 


Group Policy Management Editor 


_ a 


File Action View Help 

** *iXQ^ Ba 


' Default Domain Policy [SVSl.MICROSOFT.COM! P_* 
* ComputerContiguration 
-* B Policies 

v SI Software Settings 
a SI Windows Settings 

t J Name Resolution Policy 
ij Scripts (Startup/Shutdown) 

• 2i Security Settings 
* ~£ Account Policies 
jj Password Policy 
v la Account Lockout Policy 
i. jf Kerberos Policy 
v J Local Policies 
i* J Event Log 
i> 2k Restricted Groups 
u 2k 5ystem Services 
i. 2k Registry 
v -4 File System 

if id Wired Network (IEEE 802.3) Policie 
i> B Windows Firewall with Advanced S 
S Network. List Manager Policies 
i yt Wireless Network {IEEE 802.11) Pol 
u B Public Key Policies 
if IB Software Restriction Policies 
if H Network Access Protection 
!• ■ Application Control Policies v 
< [ in I I > 


Policy 

- .1 Enforce password history 
U4 Maximum password age 
Minimum password age 
bVj Minimum password length 


'assword must nr eet complexity requirements 


i Store passwords using reversible encryption 


Policy Setting 
24 passwords remember.. 
42 days 
1 days 
0 characters 


Enabled 


Disabled 
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8. 


Select Disabled and Apply and OK. 

Password must meet complexity requirements Prope x 


S«: jrity Policy Selling Explain 1 

Password must moot complexity tequrements 




[v Define ibis poky setting 
0 Enabled 

• C s a Died 


OK 


Cancel Apply 


9. Go to Start, type Run in Search Apps, and select Run 


AppS Results for "RUN * 

Search 


Apps 



1 P IN 

■3Z1 

Run 




[p ^P' 

t 


■H Sett mgs 

8 


m Files 

0 


^ Internet explorer 



10. Type GPUPDATE and It refreshes the policy changes. 


" 


Run 

Bl 


Type the name of a program, foldet, document, or 
Internet resource, and Windows will open it for you. 


Open 

gpupcate 


V 



■y This task will be created with administrative privileges. 



OK 

: 

Cancel 

Biowse- 
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Lab - 11: Enabling Account Lockout Policy 


Objective: 

To Configure Account Lockout Policies 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log on to D.C as Administrator, click Press Windows Key to go to Start, select Group Policy 
Management. 


Start Administrator £ 


m 

ra 

T 

Cl 

♦ 

T 

Server lArwagtr* 

Wndows 

ArJmimtrdlrve 

Tools 

Actwe Or«tory 

lN<*S MMi . 

Active T> rectory 
Module tor .. 

Q 

m 


if 


Computer 

1 xJk. Msnarjet 


Active O rectory 
SHa and... 

Active Orectory 
Domains and... 

1® 

£ 


1 

B 

Control PvtH 

Internet fyptomr 


Artrvn Directory 
Arirniar.Tmtivr 

ADSI Fdit 




F 

* 

Jk 

Desktop 

■ 


Group Poky 
Mwnigeinent 

DHS 


2. Expand Forest-^ Expand Domains-^ Expand Microsoft. comH> right click Default Domain 
policy and select Edit. 



Group Polity Management 

- a x 

File Action View Window Help 


- S ] x 


_£ Group Policy Management 
u A Forest Microsottcom 
• Domains 

* K MiCTOSOtt.com 

. Defa ult Dom ai n Policy 


Default Domain Policy 


Scope | Details | Setings | Delegator 

Links 

Display links in this location I Micro so* com 


Edit.. 


v £1 DcJ 
f 3 Gm Enforced 


lies domains, and OUs are linked to this GPO 


t -a STfl 
t» bft Sites 
;if Group Pc 
£-' Group Pc 


V Link Enabled 

Save Report.. 

View 

New Window from Here 
Delete 
Rename 
Refresh 
Help 


Enforced 

No 


Link Enabled 
Yes 


Pan 

Microsot.com 


ring 

th s GPO can only apply to ltiofol lowing groups, users and computers: 


Users 


Add 


Remove 


Properties 


WMI Filtering 

This GPO is linked to the fell owing WMIfiitei. 


Open 


Open the GPO editor 
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3. Expand Computer Configuration Expand Policies Expand Windows Settings -^Expand 
Security Settings Expand Account Policies-^ Open Account Lockout Policy. 




Group Policy Management Editor 


L- 

Eile Action View Help 

4* tofiil X * U 7T 

Default Domain Policy ISYS 1 . MIC ROSOFT.CO 
a Computer Configuration 
a fll Policies 

k aB Software Settings 
a m Windows Settings 

A , 

Policy A 

- Account lockout duration 

! i Account lockout threshold 

Reset account lockout counter after 

Policy Setting 

Not Defined 

0 invalid logon attempts 

Not Defined 



l> _j Name Resolution Policy 
Scripts (Startup/Shutdowni 
a * Security Settings 
a Account Policies 
v 31 Password Policy 
v is Account lockout Policy : 
t- 3 Kerberos Policy 
F 3 Local Policies 
!■ _j Event Log 
s 4 Restricted Groups 
ir i System Services 
I- 1 Registry 
l _a File System 

t J Wired Network (IEEE 802.3) Po 
t J Windows Firewall with Advanc 
Ifi Network List Manager Policies 
i- et Wireless Network (IEEE 802 1 1 
k £ Public Key Policies 
(• i) Software Restriction Policies 
v U Network Access Protection 
v _i Application Control Policies 


s . r> 

I > 


4. Double click. Account lockout threshold. 


m 


Group Policy Management Editor 


I 1 


Eile Action View Help 


•¥[ x 


Q ~ 


Si Default Domain Policy [SYS1 MICROSOFT CO 
a rfW Computer Configuration 
a £ Policies 

I- H Software Settings 
a . Windows Settings 

i ifi Name Resolution Policy 
ih Scripts (Startup/Shutdown j 
a a Security Settings 
a ji Account Policies 
t JS Password Policy 
I- _i Account Lockout Policy = 
1 - .2 Kerberos Policy 
tf J Local Policies 
f j Event log 
F Li Restricted Groups 
f C* System Services 
F a Registry 
F a file System 

F is' Wired Network (IEEE 8023) Po 
t m Windows Firewall with Advanc 
If Network List Manager Policies 
F j Wireless Network (IEEE 802.1 1. 

F fi Public Key Policies 
l f Software Restriction Policies 
F S Network Access Protection 
F Application Control Policies 


<1 


III 


I in r 


Policy 

Account lockout duration 


If 1 Account lockout threshold 


Policy Setting 
Not Defined 


0 invalid logon attempts 


Reset account lockout counter after 


Not Defined 
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5. Enter the Value for Number of invalid logon attempts(Ex: 2) 



6. Set the Account lockout duration and click OK. 


Suggested Value Changes 

Because the value of Account lockout tfiresho Id is now 2 invalid logon attempts. Ihe setting a foe Itte 
following items will be changed ID Ihe suggested values. 


Policy 

Policy Soiling 

Suggested Sotting 


v., Acc o uni lockout du lat o n 

Not Defined 

30 minutes 


_ , Reset account lockout courier alter 

Not Defined 

30 minutes 


<1 

III 


> 


OK 


Cancel 


7. Close the Group Policy Management Window. 

Verification: 

1. Enter the password for user (Userl) wrongly for 2 times while logging in and the user account 
will be locked. 
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Unlocking the locked User Account Manually 

1. Log on to D.C as Administrator, click Start Programs Administrative Tools Active 
Directory Users and Computers. 


Right click the User (Userl) and select Properties. 


Active Directory Users and Computers 


l- “ 


file Action View Help 

* afinl i 0 X 5l g B ss 

3 Active Directory Users and Computers [sys 
t S Saved Queries 
■* J>J Microsoft.com 
^ K Builtin 
i- L£ Computers 
I- m , Domain Controllers 
I- iS ForeignSecurityPnncipals 
•> C Managed Service Accounts 
Cl Users 


\ * tt t a >. 

Name * 

4* WmRMRemoteWMIU5ers_ 

U 


4* Schema 
4» Read or 
4I.RAS and 
.?. Guest 
4!, Group Pi 
4*. tnterpris 
4* Enterprir 
4*. Domain 
4l Domain 
4*. Domain 
4*. Domain 
4i Domain I 
4* DnsLIpd 
4*,DnsAdmW 


Copy... 

Add to a group... 
Disable Account 
Reset Password... 
Move.. 

Open Home Page 

Send Mail 

All Tasks 

Cut 

Delete 

Rename 

Properties 

Help 


Type 

Security Group 

ity Group - 
ily Group • 
ity Group - 

ity Group - 
tty Group - 
ity Group - 
ity Group - 
ity Group - 
ity Group - 
ity Group - 
ity Group - 
ity Group - 
security Group - 


41 Denied RODC Password Replica... Security Group - 
41Cloneable Domain Controllers Security Group - 
4l Cert Publ ishers Security Group - 

41 Allowed RODC Password Rep lie... Security Group - 
?, Administrator User 


Domain Local 

Universal 

Global 

Domain Local 

Global 

Universal 

Universal 

Global 

Global 

Global 

Global 

Global 

Global 

Domain Local 
Domain Local 
Global 

Domain Local 
Domain Local 


Description 
Members of this grou... 

Designated admimstra... 
Members of this grou- 
Servers in mis group c_ 
Built-in account for gu.. 
Members in this group .. 
Members of this grou~ 
Designated admimstra.. 
All domain users 
All domain guests 
All domain controllers.. 
All workstations and s.. 
Designated admimstra.. 
DNS clients who are p.. 
DNS Administrators Gr.. 
Members in this group.. 
Members of this grou_ 
Members of this grou- 
Members in this group.. 
Built-in account for ad.. 


Opens the properties dialog box for the current selection. 


Check the box Unlock account ^ click Apply and OK. 


Userl Properties 


71 a r Environ mer* Sessions 

Remote Desktop Services Profle 


Remote control 
COM* 

General | Address Account | PiaBe j Telephones ] Organization | Member Of 


User logon name. 


Userl 

| ©Microsoft.com v 

User logon name (pre-Windows 2000). 

MICROS orn 

Userl 


Logon Hours 


Log On To 


i^i Unlock account This account is currently locked out on this Active Directory 
— ' Do man Coot o I tor 


Accountflplons 


[y User must change password at next logon 
r User cannot change password 
I Password never expires 

Store password using reversible en cry pa on 


Account expires 
J#) Never 
Q£nd of 


Saturday February 23.2013 


OK 


Cancel 


Apply 


Help 


Verification: 


Log in as User (Userl) in client or Member Server. 
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Lab - 12: Configuring Logon to and Logon hours permissions 


Objective: 

To place time and machine restrictions on a user using Logon to and Logon hours 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log on to D.C as Administrator, click Start Programs Administrative Tools Active 
Directory Users and Computers. 

2 . 


3. Select Account, click Log On To. 


Right click the User (Userl) and select Properties. 


Active Directory Users and Computers 


L- °l 


file Action View Help 

** a fiil £ ox m £ t'Bm 

3 Active Directory Users and Computers [sys 
t' Si Saved Queries 
* A Microsoft.com 
s ifl Builtin 
y 1)2 Computers 
y Domain Controllers 
y Ifl foreignSecuntyPrincipals 
y lS Managed Service Accounts 
Bl Users 


* k to ▼ a •k 

Name " 

4* WinRMRemoteWMIUsers_ 

ll 


4*. Schema 
4* Read -or 
4»,RAS and 
•. Guest 
41 Group Pi 
4* Enterpri! 
4JEnterpn: 

4», Domain 
4l Domain 
41 Domain 
4*. Domain 
41 Domain I 
4lDnsUpd 
41 DnsAdmins 


Copy- 
Add to a group... 
Disable Account 
Reset Password - 
Move- 

Open Home Page 

Send Mail 

All Tasks 

Cut 

Delete 

Rename 

Properties 

Help 


Type 

Security Group 

ity Group - 
ity Group - 
ity Group - 

ity Group - 
ity Group - 
ity Group - 
* ity Group - 
ity Group - 
ity Group - 
ity Group - 
ity Group - 
ity Group - 
security Group - 


41 Denied RODC Password Replica .. Security Group 
41 Cloneable Domain Controllers Security Group 

41 Cert Publishers Security Group 

41 Allowed RODC Password Replic- Security Group 
•.Administrator User 


Domain Local 

Universal 

Global 

Domain Local 

Global 

Universal 

Universal 

Global 

Global 

Global 

Global 

Global 

Global 

Domain Local 
Domain Local 
Global 

Domain Local 
Domain Local 


Description 
Members of this grou... 

Designated administra- 
Members of this grou- 
Servers in this group c_ 
Built-in account for go.. 
Members in this group ... 
Members of this grou- 
Designated admimstra- 
All domain users 
All domain guests 
All domain controllers- 
All workstations and s... 
Designated admimstra- 
DNS clients who are p - 
DNS Administrators Gr. 
Members in this group - 
Members of this grou._ 
Members of this grou- 
Members in this group... 
Built-in account for ad.. 


Opens the properties dialog box for the current selection. 
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4. Select the following computers, Enter computer name (Ex: sysl), click Add and OK. 



5. Click Logon Hours 



6. Select the timing and select Logon Permitted. 



Verification: Try to Log in as User (Userl) in client or Member server sys2 
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Lab - 13: Changing Allow Logon Locally Policy 


Objective: 

To allow users logon to domain controller 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

Topology: 



MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Log in as Administrator to the Domain Controller, click Press Windows Key to go to Start, 
select Group Policy Management. 


Start 



Administrator ^ 

h 

T 

ft 


T 

Server fcWmgtr 

W 

Po*e*Sne4l 

Admirtstidlive 

Tools 

Actrve O rectory 
Iters and . . 

Active I> rectory 

Module for- 

Q 

m 

i* 

a 

Computer 

T avl 

Adrve Directory 
Me and... 

Actrve I> rectory 

Dgmwii and... 


0 

■ 

n 

Control ParvH 

Internet fjrplorrr 

Artwe DTrectory 
Arirwinitlratwe 

ADSI Edit 



W 

* 

jL 

Desktop 


Group Pofccy 
M^nigefnent 

DNS 






2. Expand Forest-^ Expand Domains-^ Expand Microsoft.comH> Expand Domain 
Controllers-^ Right click Default Domain Controller Policy and select Edit. 



Group Policy Management 

| _ a | x 

it File Action View Window Help 

«■ + fifin] Xo Di 


- 1" 


iL Group Policy Management 
* v\ Forest Microsoftcom 
• Qfc Domains 

A 3>3 Microsoft.com 

nT Default Domain Policy 

* 3) Domain Controllers 

Default Domain Controlleis P ^iiarL 
V : i Group Policy Obiects 
t- :* WMI Filters 
l- 2 Starter GPOs 
t A Sites 

rD Group Policy Modeling 
lh Group Policy Results 


Default Domain Controllere Policy 

Scope | Details I Sellings ) Delegafe j 
I inks 

Display links in Ihi* location- 


Microsoftcom 


The following 3ies dorrain3 and OUa are linked to this GPO 


lilTJ/ 

edit-. 

lrrnsnn 

Enforced 


V Link Enabled 

Save Report _ 

View 

» 

New Window from Here 

Delete 


Rename 


Refresh 


tielp 



Enforced 

No 


Link Enabled 
Yes 


Paih 

Mic i os oft.com/Dom. 


can only apply to lh« following groups. users. and computers 


Add 

Ramova 

P roparbas 



WMI I iltenng 

This GPO *3 linked 10 tie following WMI filter 


Open 


Open the GPO editor 
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3. Expand Computer Configuration -^Expand Policies - ^ Expand Windows Settings-^ Expand 
Security Settings -^Expand Local Policies-^ Select User Rights Assignment Double click 
Allow logon locally. 


J} 

Group Policy Management Editor 

1- 

File Action View Help 

** aim] xil ii» u 




Default Domain Controllers Policy ISCSI. MICROS' n 

Policy “ 

Policy Setting 

A 

* tfr Computer Configuration 

Access Credential Manager as a trusted caller 

Not Defined 


* a Policies 

Access this computer from the network 

Everyone,Adm i nistrators, ... 


t- M Software Settings 

Act as cart of the operating system 

Not Defined 


a B Windows Settings 

i- M Name Resolution Policy 

Scnpts (Startup/Shutdown) 

A & Security Settings 
t- j3 Account Policies 

Add workstations to domain 

Adjust memory quotas for a process 

Authenticated Users 

LOCAL SERVICE, NETWOR.. 


-■ - i 


Allow log on through Remote Desktop Services 

Not Defined 

= 

■* j Local Policies 

Li Back up files and directories 

Administrators, Backup 0- 


!■ j Audit Policy 

Bypass traverse checking 

Everyone,LOCAL SERVICE,., 


v i User Rights Assignment 

Change the system time 

LOCAL SERVIC E Ad minist. 


v j Security Options 

- Change the time zone 

Not Defined 


I- i Event log 

Create a pagefile 

Administrators 


1 A Restricted Groups 

Create a token object 

Not Defined 


t 14 System Services 

Create global objects 

Not Defined 


1 -4 Registry 
i- _4 File System 

S tjf Wired Network (IEEE 802 3] Policie 

U Create permanent shared objects 

Not Defined 


- Create symbolic links 

Not Defined 


i- 1 Windows Firewall with Advanced SuJ 

Debug programs 

Administrators 


B Network List Manager Policies 

Deny access to this computer from the network 

Not Defined 


h nf Wireless Network (IEEE 802.1 1) Pol 

Deny log on as a batch job 

Not Defined 


r 2 Public Key Policies 

Deny log on as a service 

Not Defined 


r 2 Software Restriction Policies 

E Deny log on locally 

Not Defined 


v 2 Network Access Protection 

Deny log on through Remote Desktop Services 

Not Defined 


^ 2 Application Control Policies 

Enable computer and user accounts to be truste. 

Administrators 


< r > 

Force shutdown from a remote system 

Admimstrators.Server Op... 

V 


4. Click Add User or Group Click Browse-> Enter the Username ->Click OK. 



5. Click OK-> OK-> Apply and OK. 

6. Go to Start, type Run Type Control Panel in Search Apps, and select Run, type GPUPDATE and 
it refreshes the policy changes. 


Verification: 


1. Log on to Domain Controller as Domain User (Userl). 
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Lab - 14: Security Level Permissions 


Objective: 

To apply security permissions for securing user data 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Open Computer-^ Go to any NTFS partition and create a folder (DATA), along with some files 
in it. 


jOp’i 

I Hot? w* 

© ' t 


New Volume (E:) 


► Computer * New Volume (E:) 


I- * 

v 0 

Search New Volume (E:) P j 


• Favorites 
B Desktop 
k Downloads 
»> Recent places 

'3 libraries 
Documents 
i. Music 
>, Pictures 
i Videos 



Data 

File folder 


^ Computer 


Ms Network 


2. Right click the folder (DATA) and select properties and click Security tab”> click Advanced 
tab ->click Edit ->click Disable inheritance. 



3. Click Remove -> Apply ->OK->OK 

4. Click Edit 
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5. Add Administrator Administrators and allow Full control permission. 


Permissions for DATA 


Security 

0 bject na mo: E:vDAT A 


Group or user names 

X Adminisfratot (MICROSOFTWiminislrator) 


Add 


Be move 


Eeimissions for Administrator 

Allow 

Deny 


Full control 

0 

□ 

A 

Modrfy 

0 

□ 


Read & execute 

0 

□ 

= 

List folder contents 

0 

□ 


Read 

0 

□ 

V 


Leam about access control and permissions 


OK 



Cancel 

Apply 


6. Then Add the Users (Userl) and Allow Read permission. 

7. Click Apply-* OK-» OK 
Verification: 

1. Login as User (Userl) on the same computer, and Open Computer icon, and verify the 
respective permissions by accessing the folder. 


rv 1 i_if l£ * 1 New Volume (E:) 

1- S 

X 

File 

f Home share view 


v Q 


© 


’ T 


► Computer ► New Volume (E:) 


v ( j Search New Volume (E) P 


4 Favorites 
W Desktop 
X Downloads 
Recent places 

"3 Libraries 
Documents 
^ Music 
- Pictures 
ft. Videos 

■V Computer 

Network 


Data 

Fite folder 


2. The User can just read the Files and Folders. 
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Lab - 15: Share Level Permissions 


Objective: 

To apply permissions on shared folders that protects files accessed across network 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Logon to a Computer as Administrator, Open Computer-^ Open any drive and create a folder 
(SALES) along with some files in it. 


2. Right click the folder (SALES) and Select Share 


^ 1 0 lb - 1 

New Volume (E:) 

_|S X 

| Home Share view 


V 0 


(?) ■ r T tap ► Computer ► New Volume (E:) ► v 0 1 | Search New Volume (E:) fi 


k Favorites 

Name 


Date modified Type 

B Desktop 

JL Data 


1/24/201310:40 PM File folder 

Jl Downloads 

L Sales 


1/141 

’201310:40 PM File folder 

Open 

Open in new window 

Pin to Start 

Recent places 

(3 Libraries 

' Documents 




Share with 

► 

& Stop sharing 

.i Music 


Restore previous versions 


3 Specific people... 

wj Pictures 

^ Videos 

V Computer 

Local Disk(C) 


Include in library 

► 



Send to 

» 



Cut 

Copy 

Paste 



v- New Volume (EO 

^ KINGSTON <F:> 


Create shortcut 

Delete 

Rename 



S& Network 


Properties 



3. Select the drop down arrow mark and select Find“> enter the User name (Userl)-> click 
OK”^ select the User(Userl)and assign Permissions (Ex: Read/Write)-^ click 
Shared click Done. 
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Access the Shared folder 

1. Logon to Member Server or Client as User (Userl) Open Network. 

2. Open System Name in which the shared folder is present. 

3. Access the shared folder (SALES) & verify the permissions by creating some files. 



Accessing Shared folders using UNC Path: 

1. Logon to Member server or Client as a User. 

2. Click Start click Run and type the Syntax \\Servername\Sharename. Example: \\SYS1\SALES 
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Lab - 16: Adding Mapped Drives 


Objective: 

To map share folders as drives 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Logon to Member server or Client as a User. 

2. Access the shared folder Sales, Right click on sales folder, select Map network drive. 



Computer 



* V V 



sysl 



| Hoirp Snare View 




V « 

© ■ 

Network * 

sysl 



v C Search sysl P 

★ Favorites 


NETLOGON 

Share 


l Sales 

J Share 


■ Desktop 



Open 

Open in new window 

Pin to Stan 

Restore previous versions 

Js Downloads 

ii Recent places 


SYSVOl 

Share 



j Libraries 

r-l Documents 

J' Music 

IkJ Pictures 





Map network drive 

Copy 

Create shortcut 

Properties 



3. Select the Drive letter (Ex: Z:) and click Finish. 


Sl Map Network Drive 

What network folder would you like to map? 

Specify the drive letter for the connection end the folder that you Aerit to connect to. 


Drive; 

Felder: 


\W3l\Sele> 


Browse.. 


Example V \server\shaie 
@ Reconnect at sign-tn 
□ Connect using different credentials 

Connectto a Web sitetnat you can use to store vour documents ana pictures . 


Finish 


Caned 


Verification: Open Computer Icon and verify for Mapped network Drive 


:*• P * I 

I Computer View 

(?) » t * » Computer 


Computer 


•r Favorites 
■ Desktop 
Downloads 
;• . Recent places 

.4 Libraries 
1 Documents 
Music 
w. Pictures 
Q Videos 


J Hard Disk Drives (2) 

Local Disk (C) 


mm 

arm . 


106 GB free of 12 BGB ^ 

Devices with Removable Storage (1) 

b£) DVD RW Drive (E:) 

Network Location (1) 


_ a 

v o 

v Cj Search Computer P 

Local Disk (D.) 

■ I 

429 GB free of 4 88 GB 




Sales (Wsysl) (Z:) 

■1 


405 GB free pf 4 . 88 C-B 
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Lab - 17: Verifying Access Based Enumeration 


Objective: 

To show only files and folders to which a user has at least read permissions 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7 . 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 
1. 


Logon to a Sysl as Administrator, Open Computer-^ Open any drive and create a shared 
folder (Ex: Project) with everyone Read/ Write permissions along with some files in it. 2. Right 
click on one of the file and select Properties 


l;Q> i T 


project 

L-I a * 

1 Home '.h^re 

View 


V O 


© 


• T i ► Computer » New Volume (E:) ► project 


- c 


Search project 


■ favorites 
B Desktop 
i> Downloads 
Recent places 

Libraries 
. 1 Documents 
i Music 
t Pictures 
II Videos 

Computer 

Network 


Name 

imp doc 
ft project r. 


Date modified 


Type 


Size 


Open 

Pnnt 

Edit 

Open with 
Share with 

Restore previous versions 

Send to 

Cut 

Copy 

Create shortcut 

Delete 

Rename 


fl/1/2014 12:26 PM Text Document 

1/2014 12:26 PM Bitmap imacje 


Properties 


0 KB | 

0KB 


2. Select Security, click Edit and Add, Enter userl, click OK 


Select Users, Computers, Service Accounts, 01 Groups 

Select ft is obj e ct type 


Users Groups, oi Built-in secunty principals 


Erom tvs location 


micros ottcom 


Fnte r t»e o bject names to 3 e lecl (exams : e3f 

l uSQll { 


Advanced 


Object Typos ... 


Locations 


Check Names 


OK 


Cancel 


3. Select userl and set the permission Deny Read, click OK. 


Permissions for imp doc 

I Secunty 

— 

Object name t Aproje ; f imp d o c.txi 

Group or user names 


Every one 
ai SYSTEM 
X Administrator 

.if Administrators (MICROS OF T\Adminisbators) 
1 userl (user! @m*cro sot com) 



Add 

Remove 


permissions foi userl 

Allow 

Deny 



n 

LJ 


Modify 

□ 

□ 


Read & execute 

□ 

□ 


Read 

□ 

si 

= 

Write 

□ 

□ 


Special permissions 

□ 

□ 

V 


Learn about access conlrol and peirrussfons 


OK 


Cancel 


Apply 


E 
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Verification: 


1. Logon to Member Server or Client as User (Userl). 

2. Open Network Icon, Select SYS1, access the shared folder Project and verify for the files 
present. 



-°i * 


Picture Tools 


project 


|Uj t MM Mjny« 

• T | J P Network ► SYS l * project 


v e 


. Favorites 
■ Desktop 
ll Downloads 
„> Recent places 

^ Libranes 
J_J> Documents 
. Music 
.*>, Pictures 
^ Videos 


Name 

£s project plan 


v | Search project 
Type Size 


Date modified 

8/1/2014 12.26 PM Bitmap image 


0 KB 


^ Computer 
t*. Network 


1 item 1 item selected 0 bytes 

ii 
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Lab - 18: Configuring Local Profiles 


Objective: 

To Configure Local Profiles For Domain Users 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 


1. Log on to Domain Controller as Administrator. 

2. Go to Active Directory Users and Computers and create Users (Ex: userl, user2). 
Verification: 

1. 

2 . 


3. Type Control Panel in Search Apps, and select Control Panel. 


i 

3 

0 



Login as User (userl) on Client or Member Server. 

Press Windows key to go Start, 


Ad minis L.. 

Compute* 

* 

Network 


V 

Recycle 

Bin 



Control 

Panel 


SS Windows Server 2012 


Start 
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4. 


In Control Panel search bar, type user profile, select Configure advanced user profile 
properties. 


user p rofil e - Control Panel ~ I s I x 

y & | | m gro fiK * | 

• ■ System 

u ™ *. ~ '♦uuif a«K anifti ■nr' tvt Mg i tt r-r’* «■* 

$ Search Windows He*p and Support for ‘user profit* 


H —— I 

• t Ifi9 ► Control Pand 


5. Verify for User Profile Type and Status to be Local. 



6. Create some files on desktop and go to C: drive ^Open Users Open the user profile (userl) 
folder open desktop folder verify for the files created on Desktop. 
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Lab - 19: Configuring Roaming Profiles 


Objective: 

To Configure Roaming Profiles so that user profile will be carried over the network 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log on to D.C as Administrator, Open Computer Go to a drive and create a shared folder 
roam with Everyone Read/Write permission. 

2. Go to Active Directory Users and Computers-^ Expand the Domain Name 
(MICROSOFT.COM)->click Users-> Right click the User(userl) and select Properties and 
select the Profile tab. 

3. Under User profile -Renter profile path as 

Syntax: \\Servername\Shared Folder Name\User Name 

Example: \\SYSl\roam\userl. 



4. Click Apply and OK. 
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Verification: 



ZOOM 


TECH NOLOGIESj 


1. Login as useruserl on Client or Member Server and create some files on the Desktop. 

2. In Control Panel search bar, type user profile, select Configure advanced user profile 
properties. 


8BL 

user profile • Control Panel 



- a | X 

'*■) * T C9 * Control P»n«l 


V & 

I tarrow* 



System 


O S ranch Win d ow* Hc*p and 5upportfor ’ujfr profrff* 


3. Verify for User Profile Type and Status to be Roaming. 



4. Logoff this user (userl) and login on another computer with the same user (userl), we can see 
the files which we have created on first computer. 
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Lab - 20: Configuring Home Folder 


Objective: 

To configure network drives for Domain users 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Log on to D.C as Administrator, Open Computer Go to a drive and create a shared folder 
home with Everyone Read/Write permission. 

2. Go to Active Directory Users and Computers-^ select Users and right click User userl and 
click Properties. 

3. Select the Profile tab Under the Home folder, select Connect and Select a drive letter Z: and in 

To: enter\\Server Name\Share Name\User Name. 

Example: \\SYSl\home\userl. 



4. Click Apply and OK. 

Verification: 

1. Login as user (userl) on Client or Member Server. 

2. Open Computer, Locate Home folder under network drives. 


- Q - 

Dnve Tools Computer 

File 

Computer View 

Manege 


"f ► Computer v (j Search Con 


it Favorites 
■ Desktop 
J| Downloads 
Recent places 

jjj Libra-ie: 

[_*) Document; 
J) Music 
(to Pictures 
£f Videos 

Computer 

Network 


* Hard Disk Drives (1) 

Local Disk (G) 


83 1GB free of 99.5 GB 

Devices with Removable Storage (1) 


DVD RVY Dnve (D:) 
* Network Location (1) 


used (Yvsyslvhome) (Z.) 

9.67 GB tree of 9.75 Gb 
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Lab - 21: Installing and Configuring File server resource manager 


Objective: 

To manage and monitor files created by users Using file server resource manager 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



SYS1 


SYS2 


Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Installing FSRM 
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1. In Server Manager Dashboard, click Add roles and features. 




Server Manager 

1- a 

X 


** Dashboard 

■ @i r 

r 

Manage? Tools View 

Help 


I«i Dashboard 


i Local Server 
All Servers 
AD DS 
DNS 

File and Storage Services > 


WELCOME TO SERVER MANAGER 



Configure this local server 


QUICK SIARt 





2 

Add roles and features 



3 

Add other servers to manage 


THAT’S NEW 

4 

Create a server group 





LEARN MORE 



Hide 


ROLES AND SERVER GROUPS 

Roles: 3 | Server groups: 1 | Servers total: 1 


l|i AD DS 1 


& DNS 1 

© Manageability 


© Manageability 


2. In Before you begin page, click Next. 

Add Roles and Features Wizard I - ° x 


Before you begin 


DESTINATION SERVER 
syslMcrosofUom 


Before Vbu Begin 


Insta s"cr Type 
Server Selection 


This wizard helps you install roles role services, or features. You determine which roles role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

• The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 


If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 

To continue, click Next 


I Skip this page by default 


Previous 


Next » 


Install 


Cancel 
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3. In Select installation type, select Role-based or feature-based installation, click Next. 


Add Roles and Features Wizard 


L^ii 


Select installation type 


DESTINATION SERVER 
sysIMicTosofUom 


Before Msu Begir 


Installation Type 


Server Se-ecaon 


Select the installation type You can install toles and features on a running physical computer 01 virtual 
machine, or or an offline virtual hard disk (VHD). 

* Role-based or feature- based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine- based or session based desktop deployment. 


[ < Previous 


Next > 


Install 


Cancel 


4. In Select destination server, from Server Pool select SYS1, click Next. 


Add Roles and Features Wizard 


- a 


X 


Select destination server 

Select a server or a virtual hard disk on which to install roles and features 

Select a server from the server pool 
1 Select a virtual hard disk 

Server Pool 


Fillet: 


Name 

IP Address 

Operating System 

sys1.Microsott.com 

10.0.0.1 

Microsoft Windows Server 2012 Standard Evaluation 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


Before Vbu Begin 
Installation Type 


Server Selection 


Server Roles 
Features 


DESTINATION SERVER 
sys1MfcfOSOft.com 


[ < Previous j | Next > 


Install [ Cancel 
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5. In Roles, expand File and Storage Services, expand File and iSCSI Services, check the box File 
Server Resource Manager, click Next. 


Add Roles and Features Wizard 


Select server roles 


stftVEt 

^ximerwcito'w 


Before X>j 
-sta "vpe 
Server severer 


Server Rotes 


Feature; 


Lried one or more rolet to install on the selected tervet . 


Roles 


1 I Active O' rectory Certificate Servces 
M Active I> re ctcry Doma m Services iinsaled) 

□ Aa<ve 0< rectory fed**tton Sendees 

I I Active Directory lightweight Directory Services 

□ Active rectory Rights Manage mem Services 
[I] Application Server 

□ DHCP Server 

0 DNS Server (Imtrfecf, 

n F» Server 

* 

a ■] * ite and < j - 


0 »ile Server (insraled) 

□ BwieKCafh* for Nerrmrk FUes 

□ feu fefepiication 
‘ 1 [X i Nsme.p.ces 


□ 

□ 

□ 

n 

j 

□ 


Of R^oii eat-n 


File Server Resource M 


255 


File Server VSS Agen Service 
iSCSi Target Server 

iSCS> Target Storage Pros per (VDS and VSS hardware provide 's) 
Server for NFS 


vl Storage Service* CmtiBe- 
□ Hypn-t/ 

I I D— . - «.U f Ca>w 


Description 

«le Server Resource Manager helps you manage and 
understand the tiles and folders on a file server by 
sched- ng file management tasks and sto-age reports, 
cossrfy ng files ond folders configunng folder quotas 
and defining file screening policies 


[""'"lie vious ] ifc*> 1 


C*" 1 J 


6. Click Add Features, to install the required features for Active Directory Domain Services. Click 

Next. 


rL Add Roles and Features Wizard 


x 


Add features that are required for File Server Resource 
Manager? 


The following tools are required to manage this feature, but do not 
have to be installed on the same server. 


■a Remote Server Administration Tools 
•a Role Administration Tools 
a File Services Tools 

[Tools] File Server Resource Manager Tools 


0 Include management tools (if applicable) 


: Add Features 


Cancel 
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7. In Select features wizard, click Next. 


Add Hotel and Features Wizard 


I — 


Select features 


DfSnriAfON 


Befort OJ Bsgin 

-na at>cc ">p« 
Server Seiner 
Sef .ef Pc«5 


rmiiww 


Confirmatjc- 


'elect one or more feature* to i ratal on the selected server 

Fee U«e?> 



Description 

KFT Fram^wo** 3 5 combines the power of the NIT 

framework 2 j 0 &Pli with new trchndc^et for txatfdmg 

appi nations that offer appealing use mtefaces. 
protect your customer personal identify informaron 

enable seam less and secure comrtunKaien and 

provide the at wt/ to model a range of business 
processes 


_< £re*ioi^ | hejit > | 


ratal Cancel ] 


8. Check the box Restart the destination server automatically if required. Click Install. 


9. Click Close, to complete the installation 


Add Roles and Features Wizard 


I I 1 


Installation progress 


XSTttMTOI ; 


Results 


View natafUbon propress 
0 Feature inttallator 


instailat on succeeded on syslmicrosoftcom 

File And Storage Services 
File and iSCSI Services 

File Server Resource Manager 
Remote Server Administration Tools 
Role Administration Tools 
File Services Tools 

File Server Resource Manager Tools 


You can close this wizard without interrupting running tasks. View task progress or open this page again by 
° clicking Notifications in the command bar. and then Task Details. 

Export configurabon settings 


Close 



MCSE Lab Manual 


Page | 98 


www.zoomgroup.com 







ZOOM 


.TECHNOLOGIES. 


Configuring Quota Management using FSRM 

1. Go to Start, select File Server Resource Manager. 


Administrator ^ 


L 

r 

a 


T 

& 

Server Manager 

Window* 

Po*crShcl 

Adniimstratrve 

Tool: 

Ai_ti.tr Directory 
Users and... 

Ai_tf»t* Directory 
Module tor- 

hie Server 

Resource- 

Q 



rf 

a 


Computer 

Task Manager 


At_tt.tr Directory 
Sites and.. 

At-tf^e Directory 
Domains and- 



m 


0 

* 



Acti.tr Directory 


Control Panel 

Internet Explorer 

Administratrvc.- 

AOS! Ed! 



M 

* 

JL 



Group Policy 


Desktop 

ai.n.1 — ■ 

Management 

DNS 



2. Expand Quota Management, right click Quotas, and select Create Quota. 




file Server Resource Manager 


File Action View Help 

*» 4 ' r Li - 

as File Server Resource Manager 
■* ifi Quota Management 
i Quotas 
3 Quota ' Create Quota.. 

t *3 FileScteer Refresh 

ki Storage Ri View 

t ii Clas&ificat He | p 

i File Management ibsks 


~ftrr Showr di Orems 




Actions 


Quota Path 

%... 

limit 

Quota ... Source Temp... Match Te.. Oescnp. . 

Quotas 

A 


Create Quota... 
*•. Retresn 
View 
0 Help 


Create a new quota to limit ttie disk space that a folder can use. 
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3. Click Browse and Select the Quota path (Ex: D:\Home) 



4. Select Auto apply template and create quotas on existing and new subfolders. Select the 
limit and click Create. 
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Verification 


1. Log in as User (Userl) on Client or Member Server (SYS2), Open Computer. 

2. Verify the Size of the Network drive Z: (Home Folder). 


“ 0 *1 

Drive tools Computer 

File 

Computer View 

Manage 


t ► Computer 


it Favorites 
■ Desktop 
Jl Downloads 
Recent places 

.-i Libraries 
y_ Documents 
Music 
b Pictures 
8 Videos 

u Computer 


* Hard Disk Drives (3) 
mm Local Disk (C) 

6.71 GB free of 19 1 GB 

A Devices with Removable Storage (1) 


DVD RW Drive [Ft) 

Network Location (1) 

Userl (\\sys1\home) (Z:) 


Network 


3. Login as other users and verify the size of the Home Folder. 
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Configuring File Screening Using FSRM 

1. Go to Start, File Server Resource Manager; Right click on File Server Resource Manager and 
select Configure Options. 




Me Server Resource Managei 


I I — 


File Action View Help 

+■ * |ft| Li - 





l- ifi Quota Manat 

Connect to Another Computer.. 


l- a? File Screeninj 

Configure Options. 


B Storage Repc 


View * 

anage .. 

i- -S Classification 


Export List. 

jgeme 

File Manager 


Help 

asks 


Actions 

File Server Resource _ •*. 

Connect to Anoth.. 
Configure Options. 
View ► 

Export List . 


□ Help 


Configure options including the SMTP server and default settings lor notifications and reports 


2. Check the box Record file screening activity in auditing database, click OK. 
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3. Expand File Screening Management, right click File Screens and select Create File Screen. 



File Server Resource Manager 


- 'Ll*! 

File Action View Help 

♦ ♦1 * : spj uM 




ail File Server Resource Manager (Local ) 

Fttar Show at: Drain 

Actions 

l> & Quota Management 

File Screen Path Screenrn... File Groups 

Source Tem.. M... 

File Screens * 


File Screens 
3 File Screen 
. 1 File Groups 
B Storage Repoi 
t- S Classification I 
File Managem 


Create File Screen.. 

Create File Saeen exception . 

Refresh 

View 

Help 


f* Create File Screen. 
l»i Refresh 
View 
B Help 


Create a file screen to block specified files on a path. 


4. Click Browse to select the File screen path, select option Block Image Files, and click Create. 


Create File Screen 



File screen path 
D;Mtome 


Browse ... 


file screen properties 

You can either use properties from a file screen template or define custom 
file screen properties . 

How do you want to configure file screen properties 7 

(• Derive properties from this file screen template {recommended): 



Block Image files v 

0 

Block Audio and Video Files 

Block Executable Files 


Block Image files 


Block E-mail files 

Monitor Executable and System Files 

Summary of file screen properties: 

- 

•• Re screen: 


Source template: Block Audio and Video Files 
Screening type: Active 
File groups: Audio and Video Files 
Motif ications : Email , Event log 


Create 


Cancel 



MCSE Lab Manual 


Page | 103 


www.zoomgroup.com 






ZOOM 


TECH NOLOGIES> 


5. Right click on the created file screen, select Edit File Screen Properties. 


is 

file Server Resource Manager 

-j»j *n 

file Action View Help 




* 4| h r| Li t 



6. Select the Screening type Active screening, click OK. 
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Verification 



1. Log in as User (Userl) on Client or Member Server (SYS2), 

2. Open Computer, Network drive Z: (Home Folder) and try to create a New Bitmap Image file. 


^ i * 

Omr« Tools 

Userl (\\sys1\home) (7) 


1 M J 1C 

Share Vievr Manege 



© * t 

Si* * Computer ► Userl (\\sys1\home) (Z:) 


v c Search Userl 

it Favorites 

Name 

Date modified Type Size 


■ Desktop 


This folder is empty. 



A Downloads 
Recent places 


A Libranes 
13 Documents 
Music 
Pictures 
8 Videos 

Computer 

Network 


View ► 

Sort by ► 

Group by ► 

Refresh 

Customize this folder... 


Paste 

Paste shortcut 

Undo Copy Ctrl+Z 


New * 

U Folder 

US Shortcut 

Properties 


Bitmap image 

ED Contact 

Rich Text Document 

Text Document 

Jt Compressed (zipped) Folder 


3. Verify for Access Denied Page. 
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Configuring Storage Reports Management using FSRM 

1. Go to Start, File Server Resource Manager, right click Storage Reports Management and select 

Generate Reports Now. 


=v- file Server Resource Manager 


File Action View Help 

4*+| ®[fr| D|rm| 


At File Server Resource Manager (local) 

Rep.. Repot™ Scope Fold... Sche... 

Sta™ Last- Last™ Next™ 

Actions 

l- a? Quota Management 



Storage Reports Man.. 

F File Screening Management 

Si Storage Reports Management 



E Schedule a New R™ 

Add or Remove R... 

Generate Reports 
,0j Refresh 

I- 15 Classification Management 
(J File Management Tasks 

Schedule a New Report Task . 

Add or Remove Reports for a Report Task. 


Generate Reports Now™ 



Refresh 

View ► 

Help 


View ► 

Q Help 






Configure and generate storage reports interactively. 


2. In settings page, check box File Screening Audit. 


Storage Reports Task Properties 



Settings Scope | Dctvery | 


Report Name: 

[interactive Report Task 5/11/2013 10:02 25 PM 


Report data 

Select reports to generate: 
O Duplicate Files 


File Screening Audit 


□ Rles by Fite Group 
I I Rles by Owner 
I~1 Rles by Property 

I I Folders by Property 

□ Large Files 

Fteview Selected Reports 


Edit Parameters 


To configure a report, 
highlight its label and 
dick Edit Parameters 


Report f omnats 

@ DHTML □ HTML □ XML □ CSV □ Text 


OK 


Cancel 
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3. Select Scope, click ADD and select the home folder (Ex: D:\Home). 


Storage Reports Task Properties 


Settings 


Scope 


Delivery 


Include all folders that store the following kinds of data 


I Application files 

| Backup and Archival files 
i Group files 
t User files 


The following folders are included in this scope: 


Set Folder Management Properties 


Add 


_ □ X 



Remove 


OK 


Cancel 


4. Select Wait for reports to be generated and then display them, click OK. 


Generate Storage Reports I 

You have chosen to generate a set of storage reports now. Depending on the 
types of reports and the volumes and folders reported on , this can take a few 
minutes. 

Choose one of the following: 

0 Generate reports in the background 

Select this option to view saved or e-mailed reports later 

■ • Wait for reports to be generated and then display them 

Select this option to view the reports immediatety upon completion. 


OK 


Cancel 


5. It Generates the Storage Reports 
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6. Select the File Screening Audit Report and Open the report. 



x Favorites 


Name 


Date modified Type Sire 


■ Desktop 
ft Downloads 


t FileScreenAudit5_201 3-05-1 1_22- 5/V,2'J13 10... File j de 
[S FileScreenAiidit5_201 3-05 - 1 1_22.. _5 .20' 3 1C. i TKILDocum. k: 


S. Recent places 


IrJ libraries 
Documents 
J> Music 
2 Pictures 
fcf Videos 

!% Computer 
m Local Disk (CO 
ca New Volume (D 
j New Volume (E: 


** Network 


2 item* 1 item iHrdrd 102 KB 

7. Verify the Report for Blocked image file creation by the users. 
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Lab - 22: Creating an Organizational Unit (OU) 


Objective: 

To create OU's to organize AD objects according to departments 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Press Windows Key to go to Start, select Active Directory User and Computers. 


Start Administrator ^ 



T 



T 

Servff l/.w » 

Wndows 

Po*e<$tell 

A/Jmartcti airy* 

Tools 

Active O rectory 
Owsand - 

Art ive l> factory 
Module lor.. 


* 


i# 

M 

CsMrpijter 

Tel NUiugvr 


Active l> rector) 

S4cs and.. 

Active l> rectory 
Domains and... 

n 

\e 


X 


faitrel PaivH 

Internet frpterp' 


Arrive O rrctory 
ArimirmtntivF . 

ADSlTdrt 





e 

JL 

Desktop 



Group Pofccy 
Menagemenl 

ONS 


2. Right click DomainName-^New^ Organizational Unit. 






J 



Active directory users ana computers 

File Action View 

Help 



4»«* sis] a| 

H H| * * 1 T a Tl 


2 Active Directory Users and Comp 

Name Type 

Description 

t “ Saved Queries 


£ Builtin builtmDom 

_ 

j micnosoft-corr 


_ 

Default container f_ 

.. Default container t.„ 

Default container f.. 

Default container f_ 

Default container l„ 


1 - Builtin 

F X Computers 
F ial Domain Co 
f 1_ Foreign Sea. 
F A Managed S< 

Delegate Control-. 

Find- 

Change Domain- 

Change Domain Controller- 

Raise domain functional level- 


r l2 Users 

Operations Masters- 



New 

1 

Computer 



All Tasks 

► 

Contact 



View 

► 

Group 



Refresh 

Export List. 
Properties 


InetOrgPerson 

msImaging-PSPs 

MSMQ Queue Alias 




Organizational Unit 



Help 


Printer 





User 

Shared Folder 






‘L ■ 

> j 



Create a new object.. 
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Enter the name for OU (Ex: Salesl) and click OK. 



4. Create Users in the Salesl OU (Ex: SI, S2, S3) 


Active Directory Users and Computers 


I I — 


Eile Action View help 

*+ x a x ji> j 

Z Active Directory Users and Comp 
t> lXi Saved Queries 
•r A microsoft.com 
d 23 Builtin 
p 23 Computers 
6 u Domain Controllers 
(• £1 ForeignSecuntyPrincipals 
& J3 Managed Service Accounts 
t> m2 Users 
si sales 


U a 


Name 

Type 

ist 

User 

is2 

User 

&s3 

User 


f a* 


Description 
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Lab - 23: Delegating Control to a User 


Objective: 

To give administrative privileges to a user on a ou 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 


1. Go to Active Directory Users and Computers right click OU -^select Delegate Control 


2 . 


- 

Active Directory Users and Computers 

H«l* 

File Action View 

Help 


*1 4 □ 

X H Id U B Te t X X ▼ 1 \ 



3 Active Directory Users and Comp 

Name 

type 

Description 

s il Saved Queues 

Jsi 

User 


ii microsoftcom 

*,s2 

User 


f _J Builtin 
v ‘T Computers 
l ii Domain Controllers 

&s3 

User 



l> _l ForeignSecuntyPnncipals 
(■ . Managed Service Accounts 

£ sales 

I- I User? Delegate Control . 


Move... 


Find- 


New 

► 

All Tasks 

► 

View 

► 

Cut 


Delete 


Rename 


Refresh 


Export List.. 


Properties 


Help 



< f ii i > 

Delegates control of objects in this folder 

Click Next. 



Delegation of Control Wizard 

Welcome to the Delegation of 
Control Wizard 

This wizard helps you delegate control of Active Directory 
objects You can grart users permission to manage users, 
group*, computers, organizational units, and oiher objects 
stored in Active Directory Domain Services 

To contime, dick Next 


< Back 

[ Ned > j 

” 


Cancel 


Help 



MCSE Lab Manual 


Page | 113 


www.zoomgroup.com 




ZOOM 


.TECHNOLOGIES. 


3. Click Add-^ Add the User (Userl). 


Delegation of Control Wizard 

x 

Users or Groups 

Select one or more usets or groups to whom you want to delegate control . 



Selected users and groups 


Add. ] Remove 


< Back 


Next : 


Cancel 


Hep 


Check the Box Create, delete and manage user accounts and Next. 

Delegation of Control Wizard 


I asks to Delegate 

You can seect common tasks or customize your own 




(& Ddcgotc thcfolcwing common tasks: 


0 

Create . delete . end manage user accounts 

A 

0 

Reset user Dass«voros and force password charge ct next logon 


c 

Read ell user information 

= 

□ 

Create, delete and manage groups 


□ 

Modify the membership of a group 


□ 

Manage Group Pofcy links 


c 

Generd e Resultant Set cf Polcy Planning) 


< 

III | > 



O Create a custom task to delegate 


< Back 

Nod > 


Cancel 


Help 


Click Finish. 



Verification: Log on to D.C as User (Userl), Create User in OU. 
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Lab - 24: Creating Groups 


Objective: 

To create security groups for permissions 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Login as Administrator on a Domain Controller. 

2. Go to Start, select Active Directory Users and Computers. 


Start 




administrator 

•l 

T 

g t 

ft 




* 

Q\ 

% 3 

1 1 


Window* 


Administrative 


Active Directory 

Active Directory 

Rle Server 


PoAcrShcl 

Computer 

Tocfc 


Users and- 

Module for- 

Resource- 

DHCP 




if 

M 

% 

fP 




Actwe Directory 

Active Directory 

It tctnel 

Certification 

Ta± Manager 

Control Panel 


Sites and- 

Domains ar.cL. 

infer matioru. 

Authority 

0 



a 

* 






Active Directory 




Internet Explorer 



Administrative-. 

ADS! Edit 



PRIVATE 


W 

t 

■ 

jAl 



10.0.0.2 


Group Pokey 




Desktop 



Management 

DNS 













3. Right click Users-> Select New Group. 



Active Directory Users and Computers 

..sjm 

File Action View 

Help 


^[rrJ * o 

x i3 a»|siTE|%*:sTaii 



2 Active Directory Users and Compt 
t> Ifi Saved Queries 
■i microsoftcom 
p Builtm 
p _1 Computers 
p A Domain Controllers 
p J ForeignSecuntyPnncipals 
p J Managed Service Accounts 
J Users 


Name 
?, User5 
?, User4 
!i User3 
& User2 
iUserl 


Type 

User 

User 

User 

User 

User 


Description 


% Schema A.. Security 6r... 
BLRead-onl. Security Gr... 



Delegate Control- 
Find... 

New ► 


All Tasks ► 

View ► 

Refresh 

F«pon List- 

Properties 

Help 



User 


Computer 

Contact 


iLDnsU, 


Group 

InetOrgPerson 
msImagmg-PSPs 
MSMQ Queue Alias 
Printer 
User 

Shared Folder 

ju«.\r<r^ 


Designated admmi.. 
Members of this gr... 
Servers in this grou... 
Built-in account for . 
nthisgr... 
Of this gr... 
d admmi.. 
l users 
i guests 
i control!... 
rt io ns an... 
d admini- 


IJDnsAdmins SecurityGr. 
B*. Denied R. Security Gr. 
BtiClonearile.. SecurityGr. 

Cert Publi .. Secunty Gr.. 
Bt.Allov.ee - Security Gr.. 
i Administr... User 


t*r«Q V"V.MI 


uS who ar... 
DNS Administrator.. 
Members in thisgr. 
Members of this gr.. 
Members of this gr.. 
Members in this gr.„ 
Built-in account for.. 


Create a new object- 



MCSE Lab Manual 


Page | 116 


www.zoomgroup.com 





4 . 


Mention the Group name and Select the Group Scope as Domain Local and Group type as 

Security. 


New Object - Group 



Create in: miCTOsoft.com/Users 


Group name: 

MCTTPJJSERS 

Group name (pre -Windows 2000): 

MCTTPJJSERS 

Group type 
(•) Security 
O Distribution 


Group scope 
• Daman local 
O Global 
G Universal 



5. Group will be created successfully. 

6. To add any users to this group. Right click on User account and Select Add to a group 



Active Directory Users and Computers 


File Action View Help 

+ + Site] i\ X53.J? 

□ S| % ft a T M ft 





J Active Directory Users and Corn pi 
t 3 Saved Queries 
a A micro5oft.com 
h iS Builtin 
t> C3 Computers 
t- £ Domain Controllers 
s _i ForeignSecurityPrincipals 
v Managed Service Accounts 
Id Users 



Name’ 

l 

& 

& 
l 

& 

ft Schema A... 
ft Read-cwl... 
ft RAS and L. 
ftMCITPJJS... 
f. Guest 
ft Group Pol... 
ft Enterpri se- 
ll Enterprise... 
ft Domain U... 
ft Domain G... 
ft Domain C... 
ft Domain C... 
ft Domain A... 
ft DnsUpdat... 
ftDnsAgmins 
ft Denied R.. 
ftCloneable.. 
ft Cert Publi... 
ft Allowed ... 
?» Administr... 


Type 


Description 


Secunt 

Securit 

Secunt 

Securit 

User 

Secunt 

Securit, — - 


Add to a group ... 
Disable Account 
Enable Account 
Move... 

Open Mo me Page 

Send Mail 
All Tasks 
Cut 

Delete 

Properties 

Help 


User 


Gr„ 

Designated admim... 

Gr_ 

All domain users 

Gr.. 

All domain guests 

Gr„ 

All domain control!.. 

Gr.. 

All workstations an.. 

Gr_ 

Designated admim... 

Gf- 

DNS clients who ar_ 

Gr_ 

DNS Administrator... 

Gr_ 

Members in this gr... 

Gr_ 

Members of this gr_ 

Gr- 

Members of this gr- 

Gr- 

Members in this gr... 


Built-in account for ... 


Allows you to add the selected objects to a group you select. 
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7. Mention the group name as MCITP_USERS"> click OK. 


Select Groups 



8. Add to Group operation was successfully completed. 



Verification: 

1. Go to Active Directory Users and Computers Right click on Group -^Select Properties 
Select Members Tab - ^ Verify for the User. 
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Lab - 25: Installing and configuring DISRIBUTED FILE SYSTEM 


Objective: 

To configure namespaces and new folders using DFS to manage share folders 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Member Server 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 


MCSE Lab Manual 


Page | 119 


www.zoomgroup.com 


0 



ZOOM 


TECH NOLOGIE! 


Installing Distributed File System (DFS) 

1. In SYS2 (Member Server), Go to Server Manager. Click Add roles and features. 



KS Dashboard 


| Local Server 
li All Servers 

it File and Storage Services t> 


WELCOME TO SERVER MANAGER 


QUICK START 

1 

Configure this local server 

WHATS NfW 

i 2 Add roles and features 

3 Add other servers to manage 

4 Create a server group 

Hide 

LEARN MORE 


ROLES AND SERVER GROUPS 

Roles: 1 | Server groups: 1 | Servers total: 1 


File and Storage 

1 


g Local Server 

1 

* Services 




© Manageability 


© Manageability 


2 . 


In Before you begin page, click Next 


Add Roles and Features Wizard 


n x 


Before you begin 


DESTINATION SERVER 
S^SZJvlicrosofUom 


Before You Begin 


Insta llatior 'ype 
Server Se ecacr 


This wizard helps you install roles, role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 


• The Administrator account has a strong password 

• Network, settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 

To continue, click NexL 


I I Skip this page by default 


• ■ [ Next > 


Install 


Cancel 
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3. 


Installation. 


Add Roles and Features Wizard 


I — 


Select installation type 


DESTINATION SERVER 
SVS2 JAcrosoflcom 


Before >fcu B~gir 


Installation Type 


Server Seectiy 


Select the installation type You can install roles and features on a running physical computer or virtual 
machine, or on an offline virtual hard disk (VHD). 

* Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features, 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


< Previous 


Next > 


Install 


Cancel 


4. In Select destination server, from Server Pool select SYS2.Microsoft.com, click Next. 


Add Roles and Features Wizard 


□> x 


Select destination server 


DESTINATION SERVER 
SrS2.MKrosoftxoni 


Be'ore >0u Begir 
installation Type 


Server Selection 


Server Roles 
Features 


Select a server or a virtual hard disk on which to install roles and features. 

• Select a server from the server pool 
C Select a virtual hard disk 


Server Pool 






Filter 






Name 


IP Address 

Operatng System 

SYS2.Mkrosottconi 

10.0.0.2 

Microsoft Windows Savor 2012 Standard Evaluation 


1 Computers) found 


This page shows servers that are running Windows Server 2012. and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


* Ercvious 


Next ' 


install 


Cancel 
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5. Expand File and Storage Services, Expand File and iSCSI Services, check box DFS Namespaces. 

Add Roles and Features Wizard 


Select server roles 


jiS'i'ta’-ON Wwll 
5*52 wrat^i ter” 


Before MX Begin 
|pr*ll?*cr ~,pe 
Server Siectior 


server Roles 


F*a*_'«S 


Select one or more role* to intta on the srVcted terser 

Roles 

[a 

IT) Adwt Directory Rights Management Services 

f | Application Server 

□ DHCP Server 

□ DNS Server 

□ Fa* S*r*» 

A u - - e : ■ e • r- 

d 1 Rie and iSCS Sc-.»::s r :*: :: 

*? file Server (Installed; 

n BrarcttCache for Netwo«v Fies 

□ C*U DeOupk-^tior 

n«BBB 

□ DFS Replication ■ 

File Server Resource Manager 

□ File Server V5S Agem Service 
("1 iSCSI Target Server 

Q iSCSI Target Stonge Provider (VDS and VSS har<Mare providers) 
d Server lex NFS 

0 Storage Services ! installed) 

□ Wyp«-V 

I 1 'Jetv/oHf Pobcy and Access Services 
f | Print ana Document Services 

t* @ - nrnote Act ess ) '•■Km 'tec 

C I Remote Desktop Services 

n i« . m «• «• f | v 


Description 

DfS Ksrievpa.e-. enables you to group shared folders 
located on different servers mto one or more log tally 
structured namespace? Each nam^pace appear? to 
users as a single shared folder Mirth a senes of 
subfolders However the undertymg structure of the 

nameipace can consist of numerous shared f ciders 
located on different server and <r mu t pie 5<r« 


< Previous £texr > 


instai 


" <*** 1 


6. Click Add Features, to install the required features for DFS Namespaces, Click Next. 


fL, 


Add Roles and Features Wizard 


x 


Add features that are required for DFS Namespaces? 

The following tools are required to manage this feature, but do not 
have to be installed on the same server. 

d Remote Server Administration Tools 
a Role Administration Tools 
d File Services Tools 

[Tools] DFS Management Tools 


0 Include management tools {if applicable) 


Add Features 




Cancel 


0 
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7. In Select features wizard, click Next. 




Add Roles and Features Wizard 


I — 


Select features 


oss^aroN wvu 
5*52 HK'OS^UOm 


Before sx Begir 
Inralaror ',p* 
Ssrs-if Si«c:cr 
se^erPoe* 


Features 


Cc r 1ffn*Jcr 


Srifd one or morr features to irntall on the whetted server 

Features 


NET Framework 3J) Feature! 


t> [•] NcT trsmfv/afti* features (installed) 

l Cl Background Intel /ger.t Transfer Service (BITS) 

f 1 8 <t Locicer Dnwe Encryption 

□ BtLocker Network Unlock 
Cl SranchCachc 

□ Client for NFS 

Cl Data Center Boding 

0 Enhanced Storage 
[~1 Failover Clustering 

!«/) Group Pokey Varu^fmrr-t (imtal'ed) 

Cl Ink and Handwriting Services 
Cl Internet Printing Client 

1 1 IP Address Management (IP AM) Server 
Cl 'ShS Server service 

Cl l PR Port Monitor 
Cl Management OOata IIS Extern* cn 
Cl Media Foundation 
l* □ Message Queuing 

□ Mulfapath I/O 

C] Network Load Balancing 
Cl Peer ‘urre Revolution Protocol 
O QuaMy Windows <*u oo V»deo Experience 

l«el 3 AC f /wmartiAn ^ tli'w aC*# (CIIAO 


Description 

a NET F-amewort 3.5 combines the power of the NET 
Framework 2.0 APIs with new technologies for building 
applications that offer appealing user interfaces 
protect your euttomer* personal ident i ty irrienwanon, 
«nab(« taarr lass and %ctcf« communication and 

provide the at 4t> to model a range of business 
processes 


< | ^ect > ) 


install 


Cance 1 


8. Check the box Restart the destination server automatically if required. Click Install. 


rk 


Add Roles and Features Wizard 


I I — 


Confirm installation selections 


-Z- - 19 L 

5^2 a-radteor" 


Before Begi r 
lns:al!#:cr ',p« 
Server Selection 
Server Poes 


To *KtaA the following roles role services, or features on selected server <J<k Instat 

Restart the destinat on sen ■ ai tomatical > if required 

Optional features (such as adr- nutrition tools! rntght be displayed on thi page because they have beer, seeded au to rnabcwl^. ♦ you do not want 
lo ' stall these optional features, dick Previous to clear the « check boxes. 


Fsii^es 


CC'frmMon 


File And Storage Services 
File and iSCSI Services 
DFS Namespaces 

Remote Server Administration Tools 
Role Administration Tools 
File Sendees Tools 

DFS Management Tools 


E»port configuration settings 
Specif/ an alternate source path 


* 3'fviW j | &r*t > 


install | Canre 


9. Click Close. 
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Configuring Namespace In DFS 


1. In SYS2 (Member Server) Go to Start, select DFS Management. 


Start 




Administrator ^ 

k 

m 

4k 

% 



Windows 

Administrative 

□FS 


Server Manager 

PowctShell 

Tools 

Management 


m 

W 



lad Mana^pt 

Conlrd Panel 



0 

intcmcr Ejqjlcctr 




Desktop 





2. Right click Namespaces and Select New Namespace 


DFS Management 


- o< 


File Action View Window Help 

«■*! iia oH 

DFS Management 
nil Namespaces 
t- Replication 


Namespaces 


New Namespace- 
Add Namespaces to Display. 
Delegate Management Permissions- 
View 

New Window (torn Here 
Export List.. 

Help 


items to show in this view 


Actions 


Namespaces 


New Namespace... 
Add Namespaces ... 
Delegate Manage.. 
View 

New Window fro . 
Export List.. 


□ Help 


stars a wizard to create a new narrescace. 
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3. Enter the Server Name in which DFS Installed and Select Next. 



4. Enter Name for the Namespace (Sales)and click Edit Settings. 
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5. Select the Permissions Administrators have full access, other users have read and write 
permissions, and click Next. 


Edit Settings 


Namespace server; 



O AJI users have read-only permissions 


o 


AH users have read and write permissions 


o 


Administrators have full access, other users have read-only 

permissions 




; Administrators have full access, other users have read and write 
. permissions 


O U se custom permissions 



OK 


Cancel 


6. Select Domain Based Namespace"^ click Next 


New Namespace Wizard 


□ 


x 



Namespace Type 


Select the type of namespace to create 
(5 Domain -based namespace 

A domain -based namespace is stored on one or more namespace servers and in Active Directory 
Domain Services You can increase the availability of a domain-based namespace by using 
multiple servers When created in Windows Server 2008 mode, the namespace supports 
increased scalability and access-based enumeration 


Confirmation @ Enable Windows Server 2008 mode 

Preview of domain -based namespace: 
WMi cro soft com \Sa!es 


Namespace Server 
Namespace Name and Settings 

Namespace Type 

Review Settings and Create 
Namespace 


C Stand-alone namespace 

A stand-alone namespace is stored on a single namespace server You can increase the 
availability of a stand-alone namespace by hosting it on a failover cluster. 


Preview of stand-alone namespace: 
\\sys2\Sales 


c Previous 


Next; 


Cancel 
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7. Click Create 




New Namespace Wizard 




Review Settings and Create Namespace 


Steps: 

Namespace Server 


You selected the folio wing settings for the new namespace If the settings are 
correct, dick Create to create your new namespace To change a setting, dick 
Previous, or select the appropriate page in the orientation pane 


Namespace Name and Settings 

Namespace Type 

Review Settings and Create 
Namespace 

Confirmation 


Namespace settings 


Namespace 

Namespace name: AMicro soft .com \Sales 
Namespace type: Domain (Windows Server 2008 mode) 

Namespace server: sys2 

Root shared folder: A shared folder will be created If one does not exist 
Local path of namespace shared folder: CAD FSRoots.Sales 
Permissions for namespace shared folder: Administrator full control, 
everyone read/write 


c Previous 


[ J 


Cancel 


8. Select Close 
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Configuring New Folder In Namespace 


1. In SYS1 (DC) open any Drive which is formatted with NTFS 

2. Create a shared folder (Salesl) and give permission (Ex:Read\Write for Everyone) 

3. Similarly create a shared folder (Sales2) on SYS2 and assign permission. 

4. In SYS2 (Member Server) go to DFS Management and Expand Namespaces 

5. Right click on namespace name and Select New Folder 


m 

DFS Management 

- S|< I 

u file Action View Window Help 


FT*!- 


*+| fclfP'l ■ [si 


•i DFS Management 

a Ji Namespaces 

'rosofrcom\PUBUC 
t- ft Replication 


\\mlcrosoft.com\PUBLIC (Domain based in Windows Serve* ?008 mode) 


i sa Serve* j De^caton j See Jt 

■ 

Ne w Folder .. 

Add Namespace Server.. 

Delegate Management Permissions.. 
Remove Namespace tram Display ... 

View 1 

New Window from Here 

Delete 

Refresh 

Properties 

Help 


Actions 

\\microsofLcom\PUBL_ » 

t£ New Folder . 

Add Namespace S_. 
Delegate Manage.. 
Remove Namespa. 
View ► 

New Window fro... 

X Delete 
n Refresh 
1 a Properties 
Q Help 


Create a new folder 


6. Enter the Name (Ex: Salesl) and click Add. 
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7. Enter the path for folder target (\\Svstemname\Sharefoldername )&click OK. 



8. Similarly add another DFS Folder (Ex: Sales2) and folder target \\SYS2\Sales2 . 



9. Go to DFS Management, Expand Namespaces, and select \\Microsoft.com\Sales. 


File Action View Window Help 

e[®| eiai 


DFS Management 


I I — 

1-E x 
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VERIFICATION: 


1. In SYS2 (Member Server), Go to Start, type Run in Search Apps, and select Run, tvoe UDomain 
nameXNamespace Name (Ex: \\Microsoft.com\Sales) 



2. It will display the contents (Folder) of Namespace. 


Ci'- 1 


Sales 




Home 

Share View 





t 

± ► Network ► Microsoftcom ► Sales 




y o 

it Favorites 

▲ 

Name 

Date modified 

Type 

Size 


■ Desktop 

ift salesl 

5/28/2013 12:... 

File folder 




^Downloads sales2 5/28/2013 12:.. File folder 

Recent places 

Libraries 
3 Documents 
^ Music 
^ Pictures 
8 Videos 

:*• Computer 
m Local Disk (C:) 
r i Local Disk (D:) 
r |u New Volume (F: 

Network 
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Lab - 26: Installing Additional Domain Controller 


Objective: 

To install one more Domain Controller (backup) in the existing domain 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Workgroup 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.2 

Alternate DNS 


Alternate DNS 

10.0.0.1 
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Steps: 


Log in as Administrator to the Workgroup Computer. 
Assign IP Address and preferred DNS Server Address 


1. 

2. 


3. Click Server Manager 


* 

AdmimsU 



Q 

Computer 

Additional Domain Controller 

fa 

Host Name 

SYS2 

Network 

IP Address 

10.0.0.2 

tv 

DNS Server 

10.0.0.2 

Recycle 

3m 

Alternate DNS 

io.o.o.i ! 

w 

Control 

Panel 

User Name 

Administrator 

Sfl Windows Server 2012 

1 Eb ' 


Ijj {& - 5:36PM 

It® ® ya/ani 


4. In Server Manager Dashboard, Click Add roles and features. 




Server Manager — ^ 

X 


44 Dashboard 

■» (^) 1 Manage Iools View 

Help 


Dashboard 


WELCOME TO SERVER MANAGER 


| Local Server 
| j All Servers 

■5 File and Storage Services t> 


QUICK START 


WHAT'S NEW 


Configure this local server 

2 Add roles and features 

3 Add other servers to manage 

4 Create a server group 


s 


Hide 


LEARN MORE 


ROLES AND SERVER GROUPS 

Roles: 1 | Seivet groups: 1 | Servers total: 1 


File and Storage 1 


g Local Server 1 

* Services 



© Manageability 


© Manageability 
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5. In Before you begin page, click Next, In Select installation type, select Role-based or feature- 
based installation, click Next. 


Add Roles and Features Wizard 


_ a 


Select installation type 


DC STl NATION SERVER 
sys2 


Before Mdu Begir 


Installation Type 


Server Seecaor 


Select the installation type. You can install roles and features on a running physical computer or virtual 
machine, or or an offline virtual hard disk (VHD). 

• Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual machine- based or 
session-based desktop deployment. 


< Previous 


Next > 


Install 


Cancel 


6. In Select destination server, from Server Pool select SYS2,click Next. 


Add Roles and Features Wizard 


_ a 


x 


Select destination server 


DESTINAtlON SERVER 
sys2 


Before Vbu Begir 
Instailabor ~ype 


Server Selection 


Server Roles 
Features 


Select a server or a virtual hard disk on which to install roles and features 

• Select a server from the server pool 
O Select a virtual hard disk 

Server Pool 




1 

Filter 





Name 

IP Address 

Operating System 


10.0.0.2 

Microsoft Windows Server 2012 Standard Evaluation 


1 Computer(s) found 

This page shows servers that are running Windows Server 201 2 , and that have been added by using the Add 
Servers command in Server Manager. Offline servers and newly-added servers from which data collection is 
still incomplete are not shown. 


< Previous 


x ‘ 

Next > ; 


Install 


Cancel 
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7. In Roles, check the box Active Directory Domain Services. 




Add Roles and Features Wizard 


-°! 


Select server roles 


DESTINATION SERVER 

sysi 


Before >Ou Begir 
Installation Type 
Server Seecucr 


Server Roles 


Featjres 
AD DS 
Confirmation 


Seteci one 01 more roles to install on the selected server. 

Roles 



Description 

Active Directory Domain Services (AD 

DS) stores information about objects 
on the network arte makes this 
information available to users and 
network administrators. AD DS uses 
domain controllers to give network 
users access to permitted resources 
anywhere on the network through a 
single logon process 


| < Previous | [ Next > lj Install | Cancel 

8. Click Add Features, to install the required features for Active Directory Domain Services. Click 

Next. 


Add Roles and Features Wizard 


x 


Add features that are required for Active Directory 
Domain Services? 


You cannot install Active Directory Domain Services unless the 
following role services or features are also installed. 

(Tools! Group Policy Management 
a Remote Server Administration Tools 
a Role Administration Toots 
a AD DS and AD LDS Tools 

Active Directory module for Windows PcwerShell 
a AD DS Tools 

[Tools] Active Directory Administrative Center 
(Tools) AD DS Srup lns and Command Line Tools 

✓ Include management tools (if applicable) 


! Add features 

Cancel 

: 
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9. In Select features wizard, click Next. 


Km Add Roles and Features Wizard 


I I — 


Select features 


OCSTINATION SERVER 

sysi 


Before >Ou Begir 
Installation Type 
Server Se eerier 
Server Roles 


Featjres 


AD DS 

Confirmation 


Select ooe 01 more features to install on the selected server 

Features 


□ 

in 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 


NET Framework 3.5 Featur 


.NET Framework 4.5 Features (Installed) 

Background Intelligent Transfer Sendee (BITS) 

Bitlocker Drive Encryption 

BitLocker Network Unlock 

BranchCache 

Client for NFS 

Data Center Bridging 

Enhanced Storage 

Failover Clustering 

Group Policy Management 

Ink and Handwriting Services 

Internet Printing Client 

IP Address Management (IPAM) Server 

iSNS Server service 


Description 

.NET Framework 3.5 combines the 
power of the NET Framework 2.0 APIs 
with new technologies for building 
applications that offer appealing user 
interfaces, protect your customers' 
personal identity information, enable 
seamless and secure communication, 
and provide the ability to mode) a 
range of business processes 


< Previous 


Next > 


Cancel 


10. In Active Directory Domain Services wizard, click Next. 


Add Roles and Features Wizard 


- O 


Active Directory Domain Services 


DESTINATION SERVER 
sy« 


Before Vbu Begir 
Installabori Type 
Server Selection 


Active Directory Domain Services (AD DS) stores information about users, computers and other devices on the 
network. AD DS helps administrators securely manage this information and facilitates resource shanng and 
collaboration between users. AD DS is also required for directory enabled applications such as Microsoft 
Exchange Server and for other Windows Server technologies such as Group Policy. 


Server Roles 
Features 


ADDS 


Confirmation 


Things to note 

• To help ensure that users can stHl log on to the network in the case of a server outage, install a minimum of 
two domain controllers for a domain. 

• AD DS requites a DNS server to be installed on the network. If you do not have a DNS server installed, you 
will be prompted to install the DNS Server role on this machine 

• installing AD DS will also install the DFS Namespaces. DFS Replication, and File Replication services which 
are required by AD DS. 


Learn more about AD DS 


< Previous 


Next > 


1 


Install 


Cancel 
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11. Check the box Restart the destination server automatically if required. Click Install. 


fs 


Add Roles and Features Wizard 


I I — 


Confirm installation selections 


DESTINATION SERVER 

sysi 


Before fou Begin 
Installation Type 
Server Se eerier 
Server Roles 
Features 
AD DS 


Confirmation 


To install the following roles, role services, or features on selected server, dick Install. 

@ Restart the destination server automatically if required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selectee automatically. If you do not want to install these optional features, elide Previous to dear their check 
boxes. 


Active Directory Domain Services 
Group Policy Management 
Remote Server Administration Tools 
Role Administration Tools 
AD DS and AD LDS Tools 

Active Directory module for Windows PowerShell 
AD DS Tools 

Active Directory Administrative Center 
AD DS Snap-ins and Command- Line Tools 


Export configuration settings 
Specify an alternate source path 


: Previous | Install Cancel 


12. Click Promote this server to a domain controller. 




Add Roles and Features Wizard 


- Ol X 


Installation progress 


DESTINATION SERVER 

sys2 


View installation progress 
Q Feature installation 

Configuration required. Installation succeeded on sys2 


Results 


Active Directory Domain Services 

Additional steps are required to make this machine a domain controller. 
Promote thts server to a domain controller 

Group Policy Management 
Remote Server Administration Tools 
Role Administration Tools 
AD DS and AD LDS Tools 

Active Directory module for Windows PowerShell 
AD DS Tools 

Active Directory Administrative Center 
AD DS Snap-Ins and Command- Line Tools 


You can close this wizard without interrupting running tasks. View task progress or open this page 
U again by clicking Notifications in the command bar, and then Task Details 

Export configuration settings 


< Prevrous | 

Next > 


Close 

Cancel 
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13. In Deployment Configuration wizard, select Add a domain controller to an existing domain, 
enter the Domain (Ex: Microsoft.com) and click Change. 


Active Directory Domain Services Configuration Wizard 


□ X 


Deployment Configuration 


TARGET SERVER 
sys2 


Deployment Configuration 


Select the deployment operation 


® Add a domain controller to an existing domain 
O Add a new domain to an existing forest 
O Add a new forest 


Specify the domain information for this operation 
Domain: microsoft.com 


Supply the credentials to perform this operation 
<No credentials provided* 


I Select-. | 

|( Cba;joe... i 


More about deployment configurations 

| < Previous | | Next » Install j | Cancel 

14. Enter User Name: Administrator@microsoft.com and Password, click OK. 



15. Click Next. 
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16. In Domain Controller Options, review the default settings, and type the Directory Services 
Restore Mode Password and Confirm password and click Next. 


Active Directory Domain Services Configuration Wizard 


□ X 


Domain Controller Options 


TARGET SERVER 
sys2 


Deployment Configurator 


Domain Controller Options 


DNS Options 
Addmona Options 
Paths 

Re. iew Options 
Prerequisites Check 


Specify domain controller capabilities and site information 

0 Domain Name System (DNS) server 
0 global Catalog {GQ 
Q Bead only domain coniroller (RODO 

Site name: Default-Fust-Site-Name 

Type the Directory Services Restore Mode (DSRM) password 
Password: •••••••• 

Confirm password: •••••••• 


More about domain controller options 


< Previous 


Next > 


Install 


Cancel 


17. On DNS Options page, click Next. 


Active Directory Domain Services Configuration Wizard 




DNS Options 


TARGET SERVER 
sys2 


± A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does n... snow more X 


Deployment Configurator 

Specify DNS delegation options 

Domain Control e r Opto~s 

[ ) Update DNS delegation 


DNS Options 


Addtona Options 
Feths 

Review Options 
Prerequisites Chec< 


More about DNS delegation 


< Previous 


Next > 


Cancel 
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18. In Additional Options Page, select Replicate from Sysl.Microsoft.com, click Next. 


Active Directory Domain Services Configuration Wizard 




Additional Options 


TARGET SERVER 
sy s2 


Deployment Configuration 
Domain Controller Options 
DNS Options 


Additional Options 


Paths 

Re. iew Options 
Prerequisites Chec< 


Specify Install From Media (1FM) Options 
I install from media 


Specify additional lepluation options 
Replicate from: 



More about additional options 


< Previous Next > 


Install 


Cancel 


19. Verify the location of the AD DS database, log files, and SYSVOL, click Next. 


Active Directory Domain Services Configuration Wizard 


l - ! ° l 


Paths 


TARGET SERVER 
sy&2 


Depioyme-r Configurator 
Domain Controller Options 
DNS Options 
Additiora Options 


Paths 


Review Options 
Prerequisites Check 


Specify the location of the AD DS database log files and SYSVOL 


Database tokJer: 
log files folder 
SYSVOL folder 


C:\Windows\NTDS 

C:\Wiodows\NTDS 

C:\Wmdows\SY5VOl 


Q 

m 

rn 


More about Active Directory paths 


< Previous 


Next > 


Install 


Cancel 
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20. Review the Summary and click Next. 




Active Directory Domain Services Configuration Wizard 


I I — 


Review Options 


TARGET SERVER 
sy s2 


Deployment Configurat or 
Domain Controller Optors 
DNS Options 
Additiora Options 
Paths 


Review Options 


Prerequisites Chec< 


Review your selections: 

Configure this server as an additional Active Directory domain controller for the domain "microsoft.com". ~ 
Site Name: Default-First-Site Name 
Additional Options: 

Read-only domain controller No = 

Global catalog: Ves 

DNS Server Ves 

Update DNS Delegation: No 


Source DC: 5 yslMcrosoft.com 


Database folder C:\Windows\NTDS 


I nn file folHer r-\Windnwn\NTn^ 


These settings can be exported to a Windows PowerSheil scnpt to automate additional 

instaNations | View5cnpt 

More about installation options 


< Previous 


Next > 


Install 


Cancel 


21. Click Install to begin installation. 


Active Directory Domain Services Configuration Wizard 


l=“l 


Prerequisites Check 


TARGET SERVER 
sys2 


Q All prerequisite checks passed successfully. Click Install" to begin installation. 


Show more X 


Deployment Configuration 

Prerequisites need to be validated before Active Directory Domain Services is installed on this computer 

Domain Cortroi er Optors 

Rerun prerequisites check 

DNS Options 


Additiona Options a view results 


Paths 

Review Options 


Prerequisites Check 


A Windows Server 2012 domain conirollers have a default for the security setting named 'Allow 
cryptography algorithms compatible with Windows NT 4.0' that prevents weaker cryptography 
algorithms when establishing security channel sessions 

For more information about this setting, see Knowledge Base article 542564 (http://go.miCTOsoft.com/ 
fwlink/TLmldd = 104751). 

| A delegation for this DNS server cannot be created because the authoritative parent zone cannot be 
found or it does not run Windows DNS server. If you are integrating with an existing DNS 
infrastructure, you should manually create a delegation to this DNS server in the parent zone to 
ensure reliable name resolution from outside the domain "Mjcrosoft.com''. Otherwise, no action is 
required. 

O Prerequisites Check Completed 

© All prerequisite checks passed successfully Click 'Install to begin installation. 


A If you dick Install the server automatically reboots at the end of the promotion operation. 


More about prerequisites 


; Previous | 


Install 


][ 


Cancel 
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22. The computer restarts as a part of Active Directory Domain Services installation. 


- a 


Active Directory Domain Services Configuration Wizard 


Results 


TARGET SERVER 
sys2 


O This server was successfully configured as a domain controller 


Show more 


A View detailed operation results 

A Windows Server 2012 domain controllers have a default for the security setting named 'Allow 
cryptography algorithms compatible with Windows NT 4.0‘ that prevents weaker cryptography 
algonthms when establishing secunty channel sessions. 

For more information about this setting see Knowledge Base article 9425S4 (http y/go.m icrosoft com/ 


You're about to be signed off 


The com outer is being restarted because Active Directory Domain Services was installed or removed. 



23. After restarting the computer Active directory will be installed. 


Verification: 

1. Click Start Run and type CMD. 

2. Type NET ACCOUNTS and verify for Backup in Computer role. 

aa Administrator: C:\Windows\system32\cmd.exe 


Microsoft Windows [Version 6.2.9200J 

(c) 2012 Microsoft Corporation. All rights reserved. 


C:\Users\Admi ni st rator . Mi crosoft>net accounts 
Force user logoff how long after time expires?: Never 

Minimum password age (days) : 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

computer role: backup 

The command completed successfully. 


C:\Users\Admi nist rator . Mi crosoft> 


MCSE Lab Manual 


Page | 141 


www.zoomgroup.com 


0 






Lab - 27: Creating Child Domain 


Objective: 

To create child domain 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server. 



MCITP.MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 

Alternate DNS 


SYS3 

Workgroup 

IP Address 10.0.0.3 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.3 

Alternate DNS 10.0.0.1 
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Steps: 

1. Log in as Administrator to the Workgroup Computer. 

2. Assign IP Address and preferred DNS Server Address 

3. Click Server Manager 


R 

Atfrr»rwi|_ 



iS 

Copeua* 

Child Domain 

Hrfwriffc 

Host Name 

IP Address 

SYS3 

10.0.0.3 

V 

DNS Server 

10.0.0.3 

bn 

Alternate DNS 

10.0.0.1 

w 

Conttoi 

Ran* 

User Name 

Administrator 

0 Windows Server 2012 




4. In Server Manager Dashboard, Click Add roles and features. 




Server Manager — ^ 

X 


44 Dashboard 

• | P*" Mhiwkji Iools View 

Help 


IS Dashboard 


| Local Server 
|| All Servers 

ii File and Storage Services > 


WELCOME TO SERVER MANAGER 


QUICK START 


WHATS NEW 


LEARN MORE 


Configure this local server 

2 Add roles and features 

3 Add other servers to manage 

4 Create a server group 


Hide 


ROLES AND SERVER GROUPS 

Roles: 1 | Server groups: 1 | Servers total: 1 


jp. File and Storage 1 


g Local Server 1 

' Services 



© Manageability 


(j) Manageability 
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5. In Before you begin page, click Next, In Select installation type, select Role-based or feature- 
based installation, and click Next. 



6. In Select destination server, from Server Pool select SYS2, click Next. 


la 


Add Rotes and Features Wizard 



Select destinat on server 


DESTINATION SHIVER 
SYS3 


Before you Begin 
installation ~/pe 


Server Seecion 


Server Roes 
Features 


Select a server or a victual hard disk on which !o install roles and features. 


• Select a server from the server pool 
1 Select a virtual hard disk 

Server Pool 




1 

Filter 





Nome 

IP Address 

Operating System 

SYS3 

100.C.3 

Microsoft Windows Server 2012 Standard evaluation 


1 Computers) found 

This page shows servers that are running Windows Server 2012, and that have 
been added by using the Add Servers command in Server Manager. Offline servers 
and newly-added servers from which data collection is still incomplete are not 
shown. 


c £revious 


Next > 


install Cancel 



MCSE Lab Manual 


Page | 144 


www.zoomgroup.com 








ZOOM 


TECH N OLOG IE! 


7. In Roles, check the box Active Directory Domain Services. 




Add Knlrv And trjtijim. Wimd 


- o« 


Select server role 


r«str4*rwr,n«M* 


t+Tur rx. t+jr 
Iniiftj'or Tip* 
S#rv*r S ptp q icn 



FwUaw 

ADCS 

Cor*rm»oor 


Setea one at more ram jo roue on Die selected serv 

Rom 

n Knur DukW) CewAcm Senwn 


Mtur Dlnilny Goman Sim 


L Aaw CimMy T eO«vatiuri Snvvn 

Atsve Oresrtory Ug h t*wigM Duuctoey Snwn 
Aom Qvcaoiy -jjws Mimgtffem Services 
C Afefcejrlnn lew 
C CMCP Serve* 

□ 0N& Server 
• *• Server 

J e*A.*rt -muo* (eryeer iswuMm; 

C H«m V 

Hrrmertt Puk.y one) Aim. Snwn 
•Yee tta Documra Secretes 
C *tc»» 

C Rmoif DnMop Sown 
) Volume Acweaoe Servers 


■ 


Orwnpewr 

Ailrvr Ssmtery Oonen Sermos , AD 

D stores eSkrrrvrbon atnut otyetti 
on the wtmli end motes ttas 
eWarTUrtiari mKttir so users and 
nrtmorti aewmiinm AD DS uses 
oonvtr » cceaotfcn lo </N* netnor* 
users team to permitted reto ceres 
mpiwri on or netwert tfxo^r • 
ungte logon proem 


sgrawous 

(■ipiTfmn 


Cancet 


8. Click Add Features, to install the required features for Active Directory Domain Services. Click 

Next. 


Add Roles and Features Wizard 


X 


Add features that are required for Active Directory 
Domain Services? 


You cannot install Active Directory Domain Services unless the 
following role services or features are also installed. 

(Tools) Group Policy Management 
a Remote Servet Administration Tools 
a Role Administration Toots 
a AD DS and AD LDS Tools 

Active Directory module for Windows PowerShell 
a AD DS Tools 

(Tools] Active Directory Admmistratrve Center 
(Toots] AD DS Snap-Ins and Command -Line Tools 

v Include management tools (if applicable) 


Add Tealures 


Cancel 
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9. In Select features wizard, click Next. 


rL 


Add Roles and Features Wizard 


bdfU 


m 


Select features 


DESTINATION SttVW 
5YS3 


Before <ou Begin 


Select cne or more features to install on the selected server. 


Innallatior Typa 


features 


Description 


Server Seecion 
Server *oes 


Fpatun=s 


ADDS 

Confirmation 



.NET Framevkort 35 combines the 
power of the .NET Framework 20 
APIs with new technologies for 
building applications that offer 
appealing user nterfaccs. protect 
your customers personal identity 
information, enable seamless and 
secu'e commuricaticn, and provide 
the ability to model a range of 
business processes. 


e £revious 


Next > 


Cancel 


10. In Active Directory Domain Services wizard, click Next. 
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11. Check the box Restart the destination server automatically if required. Click Install. 



12. Click Promote this server to a domain controller. 
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13. In Deployment Configuration wizard, select Add a new domain to an existing forest, select 
domain type Child Domain, enter the Parent domain name (Ex: Microsoft.com) and New 
domain name (Ex: mcitp), and click Change. 


L. 


Active Directory Domain Services Configuration Wiiatd 




Deployment Configuration 


TARGET SERVER 
SYS3 


Deployment Configuration 


Domain Cortrcller Cptors 
Addition Cptors 
Paths 

Review Options 
Prerequisites Check 


Select the deployment operator 

C Add a domain controller to an existing domain 
• Add a new domain to an existing forest 

C Add a new forest 


Specify the domain information for this operator 
Select domain type: 

Parent domain name: 

New domain name 


Child Domain 

microsoft.com 

mcitp 


I ] 


Supply the credentials to perform this operation 

acmmstrator@microsoft.com If Change... 


More about deployment configurations 


< Previous Next > 


.Install 


Cancel 


14. Enter User Name: Administrator@microsoft.com and Password, click OK. 



15. Click Next. 


0 
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16. In Domain Controller Options, review the default settings, and type the Directory Services 
Restore Mode Password and Confirm password and click Next. 


fL Active Directory Domain Services Configuration Wizard 


Domain Controller Options 


Deiloyr-en: Configurator 


Domain Controller Options 


DNS options 
Additional Optors 
Pans 

Review Options 

Prerec- sites Creek 


Select functional level of the new domain 

Domain functional level: 


Windows Server 2003 


Specify domain controller capabilities and site information 

0 Domain Name System (DNS) server 
0 Global Catalog (GC) 

□ Read only domain controller (RODC) 

Site name: 


Default-First-Site-Name 


Type the Directory Services Restore Mode (DSRM) password 
Cacewcrd' 

Confirm password: ••#•••••] 


I I M 


TARGET SERVER 
sys2 


More about domain controller options 


< Previous 


Next > 


Install 


Cancel 


17. On DNS Options page, click Next. 
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18. In Additional Options Page, Review the NetBIOS domain name (MCITP) click Next. 



19. Verify the location of the AD DS database, log files, and SYSVOL, click Next. 
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20. Review the Summary and click Next. 



21. Click Install to begin installation. 

Actiw LHreclory Domain Services Conligmatitxi Wiiaid — I 3 x 


Prerequisites Check 


TARGTT SfRVFR 
SVS3 


© All prerequisite checks passed successfully. Clide 'Install to begin installation. 


Show more * 


Mployinerf ro^.-stor 
bcn-aK Cottrells' Ccucr; 
DNS Cpiers 


PiFiequmtei md to be vakdsled before Adne Directory Oomen Services k imtal ed on this computer 

Rerun prerequisites check 


AddTJonai Optkx': 

Paths 

=?vte.-. oct CT! 


Prerequisites Check 


* ¥*WfKute 

! Windows Se*ver 2012 domain controllers have a default for the security swing named ‘A 1 tow cryptography algorithm? eompottoe *vrh 

Window* M 40* that prevents neater cryptography algorithms wrftei establishing security channel sessions 

= oc more information about this setting, see Knowledge Bose article 947 5M ihttp, /go m* soft-eonvfwl rk- ' .iiw.rt - 104751). 

Ik This compute- has at least aoe physic* network adapter that does not have static >P address es) assigned to its - PropeOes if Doth IPv4 
and IP.6 aT enabled for a network adapter both J Pv4 and IPv6 static IP addresses should be assigned to both IPv4 and IPv6 Proper** of 
the physical network adapter Such static ip addressles) assignment should be done to aH the physical network aoaptem tee re- sble Domaei 

Name System lONS) operation. 

O p ^requis.ter Check Comp eted 

© AJI prerequisite checks passed successfully Ckck Vi stall to begin installation. 


£. ^ you dick tnstaA the server automalcali/ reboots at the end of the promotion operation. 

More about prerequisites 

| * Previous | v.«t > | install Cancel | 


22. After restarting the computer Active directory will be installed. 

Verification: Go to Server Manager, Local Server verify for Domain MCITP.MICROSOFT.COM 

1. Go to Active Directory Domains and Trusts verify for parent and child domain. Example: 

MICROSOFT.COM and MCITP.MICROSOFT.COM. 
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Lab - 28: Creating New Domain Tree in Existing Forest 


Objective: 

To create new tree domain in existing forest 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server. 

Topology: 



MCTS.COM 


SYS1 


SYS4 


Domain Controller 


New Domain Tree 


IP Address 

10.0.0.1 

IP Address 

10.0.0.4 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.4 

Alternate DNS 


Alternate DNS 

10.0.0.1 
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Steps: 


Log in as Administrator to the Workgroup Computer. 
Assign IP Address and preferred DNS Server Address 


1. 

2. 


3. Click Server Manager 


R 

AdnwML. 


S. NDEF 

^ Host Name 

SYS4 

IP Address 

10.0.0.4 

£ DNS Server 

10.0.0.4 

*5T Alternate DNS 

10.0.0.1 

|Tk User Name 

Conboi 

Pmwt 

Administrator 


0 Windows Server 2012 

rk cf E2f[ 



In Server Manager Dashboard, Click Add roles and features. 




Server Manager — ^ 

X 


44 Dashboard 

• (5) 1 P'" Manage Iools ¥iew 

tletp 


IS Dashboard 


WELCOME TO SERVER MANAGER 


| Local Server 
|| All Servers 

■S Flic and Storage Services > 



Configure this local server 


QUICK SIAM 


s 


2 Add roles and features 


WHATS NEW 

3 Add other servers to manage 

4 Create a server group 




LEARN MORE 

Hide 



ROLES AND SERVER GROUPS 

Roles: 1 | Server groups: 1 | Servers total: 1 


File and Storage 

1 

i 

Local Server 1 


* Services 




(♦) Manageability 

© 

Manageability 

V 
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5. In before you begin page, click Next, In Select installation type, select Role-based or feature- 
based installation, and click Next. 



6. In Select destination server, from Server Pool select SYS4, click Next. 


la 


Add Rotes and Features Wizard 



Select destinat on server 


DESTINATION SERVER 
STS4 


Before rou Begin 
installation ~/pe 


Server Seecion 


Server Roes 
Features 


Select a server or a virtual hard disk on which lo install roles and features. 

• Select a server from the server pool 
Select a virtual hard disk 

Server Pool 

Filter 

Nome IP Address Operating System 



1 Computers) found 

This page shows servers that are running Windows Server 2012, and that have 
been added by using the Add Servers command in Server Manager. Offline servers 
and newly-added servers from which data collection is still incomplete are not 
shown. 


< Previous 


Next > 


install Cancel 
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7. In Roles, check the box Active Directory Domain Services. 




Add 4W) WilMd 


- a i 


x 


Select server roles 


□Ktft*rUFt«KVt« 


Irzu/Uf.ar Typt 
irrvrr S*tectcn 



ADCS 

Cor*rm»oor 


S<tM one w more ram to rtrjH on me vtMtM ser 


Hotel 

[_; Mm DukIoi) HflMcm Servrres 


Mtur nmlny Goman Sim 


Q Aim Cimuty T eO«vatluri Sown 

At »ve Oresrtory UghtiwigM Duectcry Sown 
Aim Ovtoaiy -jjws Management Semen 
C AfeteMnn Sena* 

C (XP Server 
□ C * 6 S««v 
• *• VtVfv 

■* MAM -'niga tvryevr imrtjUM; 

C Mjpet-V 

j Htrmertt Poky one) Acorn Sown 

•Tim md Doemneen Sovtn 
C #**0WAre» 

C Hmoif DnMop Sown 
) Volume Atm- toon Smai 


Onote" 

Aiwr Sminy Oomon Sown ,AC* 

D slorrt Mkuovtbon teem) Stynh 
on the nmoili tnd mates ttm 

«‘Avr»jrtm«i erwUAAn 10 Men and 

nrvw»* •c'-mtui item AD DS umc 
aomae* ccnacden 10 gve networt 
mm attest 10 permineo rtsttrcrt 
myiWfi on or netwert ovougr • 
vnqte logon proem 


sgteWOUJ 

(■ipivfmn 


Cancrt 


8. Click Add Features, to install the required features for Active Directory Domain Services. Click 

Next. 


Add Roles and Features Wizard 


X 


Add features that are required for Active Directory 
Domain Services? 


You cannot install Active Directory Domain Services unless the 
following role services or features ate also installed. 

(Tools) Group Policy Management 
a Remote Servet Administration Tools 
a Role Administration Toots 
a AD DS and AD LDS Tools 

Active Directory module lot Windows PowerShell 
a AD DS Tools 

(Tools] Active Directory Admmistratrve Center 
(loots) AD DS Snap-Ins and Command -Line Tools 

•f Include management tools (if applicable) 


Add Features 


Cancel 
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9. In Select features wizard, click Next. 


rL 


Add Roles and Features Wizard 


bdfl I 


m 


Select features 


CES"l NATION S£<VER 
5YS4 


Before <ou Begin 


Select cne or more features to install on the selected server. 


Innallatior Type 


features 


Description 


Server Seecion 
Server *oes 


Fpatun=s 


ADDS 

Confirmation 



.NET Framevkort 3 5 tombmes the 
power of the .NET Framework 20 
APIs with new technologies for 
building applications that offer 
appealing user nterfaccs. protect 
your customers personal identity 
information, enable seamless and 
secure communication, and provide 
the ability to model a range of 
business processes. 


e £revious 


Next > 


Cancel 


10. In Active Directory Domain Services wizard, click Next. 
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11. Check the box Restart the destination server automatically if required. Click Install. 



12. Click Promote this server to a domain controller. 
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13. In Deployment Configuration wizard, select Add a new domain to an existing forest, select 
domain type Tree Domain, enter the Forest name (Ex:MICROSOFT.COM) and New domain 
name (Ex: MCTS.COM), and click Change. 


r~ 


Active Directory Domain Services Configuration Wiiatd 


[=1±M 


Deployment Configuration 


TARGET SERVER 
SYS4 


Deployment Configuration 


Domain Cortrclier Cptors 

Additions Cptors 
Paths 

Review Options 
Prerequisites Check 


Select the deployment operator 

C Add a domain controller to an existing domain 
• Add a new domain to an existing forest 

C Add a new forest 

Specify the domain information for this operator 
Select domain type: 

Forest rame. 

New domain name mctscom 


Tree Domain 


microsoft.com 


Supply the credentials to perform this operation 

acmmstrator@microsoft.com [T Change... 


More about deployment configurations 


< Previous Next > 


Install 


Cancel 


14. Enter User Name: Administrator@microsoft.com and Password, click OK. 



15. Click Next. 


0 
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16. 


In Domain Controller Options, review the default settings, and type the Directory Services 
Restore Mode Password and Confirm password and click Next. 


Active Directory Domain Services Configuration Wizard 


Domain Controller Options 


Deployment Conf g_ra*jon 


Domain Controller Options 


DNS Options 
Addr.iona' options 
Paths 

Review Options 
Prerequisites Check 


Select fvnctiono level of the new domain 
Domain functional level: 


Windows Server 2012 


Specfy domain controller capacities and site information 

0 Comdi'i Name System (DNS) server 
0 Global Catalog (GQ 

PI Read only domain controller (RODC) 

Site name; 


Default-First-SIte-Klame 


Type the Directory Services Restore Mode (DSRMI password 
Password •••••••• 

Confirm password: •••••••• 


More about domain controller options 


< £revious Next > 


IZIhI 


TARGET SERVER 
SYS4 


install 


Cancel 


17. On DNS Options page, click Next. 


Active Directory Domain Services Configuiation Wizard 


-ax 


DNS Options 


TARGET SERVER 
STS4 


A delegation for this DNS server cannot be created because the authoritative parent-show mere x 


Deployment Configuration 
Domain Corrrcller Cptors 


DNS Cptors 


Additio^a Options 
Paths 

Review Options 
Prareo. s'ss Check 


Sp«c:fy DNS delegation options 

n Create DNS delegation 


More about DNS delegation 


< Previous Next > 


install 


Cancel 
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18. In Additional Options Page, Review the NetBIOS domain name (MCTS) click Next. 



19. Verify the location of the AD DS database, log files, and SYSVOL, click Next. 
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20. Review the Summary and click Next. 


Active Directory Domain Services Configuration Wizard 


L=1eI 


Review Options 

Deploymer: Confg.ra’jon 
Domain Cortrclle r Optors 
DNS Optors 
Addltiona options 

Paths 


Review Options 


Prerequisites Check 


TARGET SERVER 
STS4 

Review /our selections; 

Con’igure th s server as the first Active Directory domain controller in a new domain tree. 

The name of the new domain: mcts.com 

The NetBIOS name of the domain: MCTS = 

The new domain has a trust Ink with the domain: microsoft.com 

Domain Functional Level; Windows Server 2012 

Site Name: Default-First-Site-Name 

Add tiona Options: 

Global catalog: Yes 

DNS Server Yes 0 

These settings can be exported to a Windows OowerShell script to automate 

additional installations | View script | 


More about installation options 


c Previous 


Next - 


Install 


Cancel 


21. Click Install to begin installation. 


Active Directory Domain Services Configuration Wizard 


- n x 


Prerequisites Check 


TARGET SERVER 
SYS4 


O All prerequisite checks passed successfully. Click ’Install' to begin installation Show more 

3 

Deploy merit Configuration 

Domain Cortrclle' Optor? 

Prerequisites need to be validated before Active Directory Domain Servces is installed on tnis 
computer 


DNS Cptors 

Additions Options 

iRerun prerequisites check 


Paths 


A View results 


Review Options 


! Windows Se’ve' 2012 domain controllers have a default for the secuity setting named 


Prerequisites Check 


"Allow cryptograpny algorthms compatible with Windows NT 4.0" that prevents weaker 
cryptography algorithms when establishing security channe sessions. 




s 



For more information about this setting, see Knowledge 3a<e article 942554 (http:,'/ 
go.microsoftcom/fwlink/?Linkld=104 7 51). 




1 This computer has at least one physical net.vcrk adapter that does rot have static IP 
address(es) assigned to its IP Properties. If both IPv4 end IPv6 are erebled for a network 
adapter, both IPvd and IPv6 static IP addresses should be assigned to both IPv4 ard 

IPv6 Properties of the physical network adapter. Such static IP addressfes) assignment 

V 


A 1* you dice Install, the server automat caily reboots at the end of the promotor operation 



More about prerequisites 



< Pievious 


Next * 


Install 


Cancel 


22. After restarting the computer Active directory will be installed. 
Verification: 


1. Go to Server Manager, Local Server verify for Domain MCTS.COM 

2. Go to Active Directory Domains and Trusts verify for parent and New Tree domain. Example: 

MICROSOFT.COM and MCTS.COM 
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Lab - 29: Transfer Operations Masters 


Objective: 

To transfer operations masters from primary to backup 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server Additional Domain controller. 

Topology: 



MICROSOFT.COM 

SYS1 SYS2 


Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 

Alternate DNS 


Additional Domain controller 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.2 

Alternate DNS 10.0.0.1 
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Steps: 


1. Log on to Domain Controller as Administrator 


2. Go to Start, type cmd in Search Apps, and select Command Prompt 



3. Type Net accounts and Verify for Primary in Computer role. 


Administrator: C\Windows\system32\cmd exe 


Microsoft Windows [version 6.2.9200^ 

(c) 2012 Microsoft corporation. All rights reserved 

C:\Users\Admi ni strator>net accounts 

Force user logoff how long after time expires?: 

Minimum password age (days): 

Maximum password age (days): 

Minimum password length: 

Length of password history maintained: 

Lockout threshold: 

Lockout duration (minutes): 

Lockout observation window (minutes): 

Computer role: 

The command completed successfully. 


Never 

1 

42 

7 

24 

Never 

30 

30 

PRIMARY 


C : \Users\Admi ni st rator> 
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4. Type Ntdsutiland Press Enter. 


OB Administrator: C\Windows\system32\cmd.exe 


Microsoft Windows [.Version 6.2.9200J 

(c) 2012 Microsoft Corporation. All rights reserved. 


C:\Users\Admi nistrator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

computer role: primary 

The command completed successfully. 


C:\Users\Admi ni stratoontdsuti 1_ 


5. Type Roles and Press Enter. 


as Administrator C:\Windows\system32\cmd.exe - ntdsutil 


Microsoft Windows [version 6.2.9200] 

(c) 2012 Microsoft corporation. All rights reserved. 


c:\users\Admi nistrator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

computer role: primary 

The command completed successfully. 


C:\Users\Admi ni strator>ntdsuti 1 
ntdsutil: roles 
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6. Type Connections and Press Enter. 


as Administrator C:\Windows\system32\cmd exe - ntdsutil 


Microsoft Windows [Version 6.2.9200] 

(c) 2012 Microsoft corporation. All rights reserved. 


C : \llse rs\Admi ni st rator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

Computer role: PRIMARY 

The command completed successfully. 


c:\users\Admi nistrator>ntdsutil 

ntdsutil: roles 

fsmo maintenance: connections 


7. Type Connect to server SYS2 (ADC System name) and Press Enter. 


ra Administrator C:\Windows\system32\cmd.exe - ntdsutil 


Microsoft Windows [Version 6.2.9200J 

(c) 2012 Microsoft Corporation. All rights reserved. 


c : \use rs\Admi ni strator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

Computer role: PRIMARY 

The command completed successfully. 


c:\users\Administrator>ntdsuti 1 

ntdsutil: roles 

fsmo maintenance: connections 

server connections: connect to server sys2 
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8. Type: Quit 


Hi Administrator: C:\Windows\system32\cmd.exe - ntdsutil 


Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

computer role: primary 

The command completed successfully. 


c:\users\Admi nistrator>ntdsuti 1 

ntdsutil: roles 

fsmo maintenance: connections 

server connections: connect to server sys2 

Bi ndi ng to sys2 . . . 

connected to sys2 using credentials of locally logged on user, 
server connections: quit_ 


9. Type Help (or) ? , to see the available syntax. 


SS Administrator C:\Windows\system32\cmd.exe - ntdsutil 


C:\Users\Admi nistrator>ntdsuti 1 

ntdsutil: roles 

fsmo maintenance: connections 

server connections: connect to server sys2 

Bi ndi ng to sys2 . . . 

Connected to sys2 using credentials of locally logged on user, 
server connections: quit 
fsmo maintenance: ?_ 


10. Type Transfer infrastructure master and Press Enter. 


mi Administrator: C\Windows\system32\cmd.exe - ntdsutil 


fsmo maintenance: ? 

7 

connections 
Hel p 
Quit 

seize infrastructure master 
er 

Seize naming master 
r 

Seize PDC - Overwrite PDC role on connected server 

Seize RID master - Overwrite RID role on connected server 

Seize schema master - Overwrite schema role on connected ser 

Select operation target - Select sites, servers, domains, roles 

naming contexts 

Transfer infrastructure master - Make connected server the infrastruct 
r 

Transfer naming master - Make connected server the naming maste 

Transfer pdc - Make connected server the pdc 

Transfer rid master - Make connected server the rid master 

Transfer schema master - Make connected server the schema maste 

fsmo maintenance: Transfer infrastructure Master 


- show this help information 

- connect to a specific ad dc/lds instan 

- show this help information 

- Return to the prior menu 

- overwrite infrastructure role on conne 

- Overwrite Naming Master role on connec 
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11. Click YES. 



12. Type Transfer naming master and Press Enter. 


m Administrator. ( \Windows\system32\cmd.exe - ntdsutil 


Transfer schema master - Make connected server the schema maste 

fsmo maintenance: Transfer i nf rastructure Master 
Server "sys2" knows about 5 roles 

Schema - cn=ntds Settings ,CN=SYS1, Observers ,CN=Default-Fi rst-Site-Name 
, CN=conf i gu rati on , DC=Mi crosoft , DC=com 

Naming Master - cn=ntds settings, CN=SYSl,CN=servers ,CN=Defaul t-Fi rst-si 
N=si tes , CN=confi guration , DC=Mi crosoft , DC=com 

PDC - cn=ntds Settings, CN=SYSl,CN=servers,CN=Default-First-site-Name,CN 
=Conf i guration , DC=Mi crosoft , DC=com 

RID - CN=NTDS Setti ngs , CN=SYS1 , CN=Servers , CN=Defaul t-Fi rst-Si te-Name , CN 
=Conf i guration , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds settings ,CN=SYS2 ,CN=servers ,CN=Default-Fi rst-S 
CN=si tes ,CN=confi guration ,DC=Mi crosoft ,DC=com 
fsmo maintenance: Transfer naming master 


13. Click YES 



14. Type Transfer PDC and Press Enter. 


HS Administiator: C:\Windows\system32\crnd.exe - ntdsutil 


fsmo maintenance: Transfer naming master 
Server "sys2" knows about 5 roles 

schema - cn=ntds setti ngs, CN=SYSl,CN=servers ,CN=Defaul t-Fi rst-s 
,CN=Confi gurati on ,DC=Mi crosoft ,DC=com 

Naming Master - CN=NTDS Settings ,CN=SYS2 ,CN=Servers ,CN=Default- 
N=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 

PDC - CN=NTDS Settings, CN=SYSl,CN=servers,CN=Defaul t-Fi rst-site 
Configuration , DC=Mi crosoft , DC=com 

rid - cn=ntds setti ngs , cn=sys1 , CN=se rvers , CN=Defaul t- Fi rst -si te 
Configuration , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds settings , cn=sys 2 ,CN=servers ,CN=Default 
CN=si tes , CN=Conf i guration , DC=Mi crosoft , DC=com 
fsmo maintenance: Transfer PDC 
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15. Click Yes 



16. Type Transfer RID Master and Press Enter. 


gd Administrator: C:\Windows\systern32\cmd.exe - ntdsutil 


fsmo maintenance: Transfer PDC 
Server "sys2" knows about 5 roles 

Schema - cn=ntds Settings ,CN=SYSl,CN=servers ,CN=Default-Fi rst-5 
, CN=Conf i gu rati on , DC=Mi crosof t , DC=com 

Naming Master - cn=ntds settings, cn=sys 2 ,CN=servers ,CN=Default- 
N=Si tes , CN=Conf i gu rati on , DC=Mi c rosof t , DC=com 
pdc - cn=ntds settings, CN=SYS2,CN=servers,CN=Default-First-sitt 
=Conf i gurat i on , DC=Mi crosoft , DC=com 

RID - CN=NTDS Settings ,CN=SYSl,CN=Servers ,CN=Default-Fi rst-Sit* 
configuration ,DC=Mi crosoft ,DC=com 

Infrastructure - CN=NTDS Setti ngs ,CN=SYS2 ,CN=Servers ,CN=De fault 
CN=si tes , CN=conf i gu rati on , DC=Mi crosoft , DC=com 
fsmo maintenance: Transfer RID master 


17. Click YES 



18. Type Transfer Schema Master and Press Enter. 


aa Administrator C:\Windows\system32\cmd.exe - ntdsutil 


fsmo maintenance: Transfer RID master 
server "sys2" knows about 5 roles 

schema - cn=ntds settings ,CN=SY5l,CN=servers ,CN=Default-Fi rst-s 
, CN=conf i gu rati on , DC=Mi crosoft , DC=com 

Naming Master - cn=ntds Settings, CN=SYS2,CN=servers ,CN=Default- 
N=Si tes , CN=Conf i gurati on , DC-Mi crosoft , DC=com 

PDC - CN=NTDS Settings ,CN=SYS2 ,CN=Servers ,CN=Default-Fi rst-Site 
=Conf i gurati on , DC=Mi crosoft , DC=com 

RID - cn=ntds settings , cn=sys 2 ,CN=servers ,CN=Defaul t-Fi rst-site 
=conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds setti ngs , cn=sys 2 ,CN=servers ,CN=Default 
CN=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: Transfer schema master.. 
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19. Click YES 



20. Type Quit and press Enter 


m Administrator: C:\Windows\system32\cmd.exe - ntdsutil 


fsmo maintenance: Transfer schema master 
Server "sys2" knows about 5 roles 

Schema - CN=NTDS Settings, CN=SYS2 ,CN=Servers ,CN=Default-Fi rst-S 
, CN=Conf i gu rati on , DC=Mi crosof t , DC=com 

Naming Master - cn=ntds settings, cn=sys 2 ,CN=servers ,CN=Default- 
N=Si tes , CN=Conf i gurati on , DC=Mi crosoft , DC=com 
pdc - cn=ntds Settings ,CN= sys 2 ,CN=servers ,CN=Default-Fi rst-site 
=confi gurati on, DC=Mi crosoft ,DC=com 

rid - cn=ntds sett i ngs , CN=SYS2 , CN=serve rs , CN=Defaul t -Fi rst -si te 
=Conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - CN=NTDS Settings ,CN=SYS2 ,CN=Servers ,CN=De fault 
CN=si tes , CN=conf i gurati on , DC=Mi c rosoft , DC=com 
fsmo maintenance: quit 
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21. Type Quit and Press Enter. 


in Administrator: C:\Windows\system32\cmd.exe - ntdsutil 


fsmo maintenance: Transfer schema master 
Server "sys2" knows about 5 roles 

schema - cn=ntds settings , cn=sys 2 ,CN=servers ,CN=Default-Fi rst-s 
, CN=Conf i gu rati on , DC=Mi crosof t , DC=com 

Naming Master - cn=ntds setti ngs , cn=sys 2 ,CN=servers ,CN=Default- 
N=Si tes , CN=Conf i gu rati on , DC=Mi crosof t , DC=com 

pdc - CN=NTDS Settings ,CN=SYS2 ,CN=Servers ,CN=Default-Fi rst-sitc 
=Conf i gurat i on , DC=Mi crosoft , DC=com 

rid - cn=ntds sett i ngs , cn=sys2 , CN=serve rs , CN=Defaul t -Fi rst -si tt 
=Conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds setti ngs ,cn=sys2 ,CN=servers ,CN=Default 
CN=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: quit 
ntdsutil: quit. 


Verification: 


1. Type Net accounts and Press Enter 


2. Computer role of Domain Controller will be converted to Backup and Additional Domain 
Controller will be converted to Primary. 


H9 Administrator: C:\Windows\system32\cmd.exe 


C:\Users\Admi nistrator>net accounts 

Force user logoff how long after time expires?: 

Never 

Minimum password age (days): 

1 

Maximum password age (days): 

42 

Minimum password length: 

7 

Length of password history maintained: 

24 

Lockout threshold: 

Never 

Lockout duration (minutes): 

30 

Lockout observation window (minutes): 

30 

computer role: 

BACKUP 

The command completed successfully. 

C:\Users\Admi ni strator> 
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Lab - 30: Seize Operations Masters 


Objective: 

To seize operations masters in backup when primary is accidentally down 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server Additional Domain controller. 

Topology: 



MICROSOFT.COM 

SYS1 SYS2 


Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 

Alternate DNS 


Additional Domain controller 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.2 

Alternate DNS 10.0.0.1 
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Steps: 


1. Log on to Additional Domain Controller as Administrator 

2. Shutdown the Domain Controller 

3. Go to Start, type cmd in Search Apps, and select Command Prompt 

4. Type Net accounts and Verify for BACKUP in Computer role. 

OS Administrator: C:\Windows\systenn3P\crnd.exe 


c:\users\Admi nistrator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

computer role: backup 

The command completed successfully. 


C:\Users\Admi nistrator> 


5. Type Ntdsutiland Press Enter. 


bs Administrator: C:\Windows\system32\cmd.exe 


c:\users\Admini st rator>net accounts 

Force user logoff how long after time expires?: 

Never 

Minimum password age (days): 

1 

Maximum password age (days): 

42 

Minimum password length: 

7 

Length of password history maintained: 

24 

Lockout threshold: 

Never 

Lockout duration (minutes): 

30 

Lockout observation window (minutes): 

30 

computer role: 

BACKUP 

The command completed successfully. 

C:\Users\Admi ni strator>ntdsuti 1_ 
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6. Type Roles and Press Enter. 


bd Administrator C:\Windows\system32\cmd.exe - ntdsutil 


c:\users\Admi ni strator>net accounts 

Force user logoff how long after time expires?: 

Never 

Minimum password age (days): 

1 

Maximum password age (days): 

42 

Minimum password length: 

7 

Length of password history maintained: 

24 

Lockout threshold: 

Never 

Lockout duration (minutes): 

30 

Lockout observation window (minutes): 

30 

computer role: 

BACKUP 

The command completed successfully. 

C:\Users\Admi ni stratoontdsuti 1 
ntdsutil: roles. 



7. Type Connections and Press Enter. 


SS Administrator C:\Windows\system32\cmd.exe - ntdsutil 


C:\Users\Admi nistrator>net accounts 

Force user logoff how long after time expires?: 

Never 

Minimum password age (days): 

1 

Maximum password age (days): 

42 

Minimum password length: 

7 

Length of password history maintained: 

24 

Lockout threshold: 

Never 

Lockout duration (minutes): 

30 

Lockout observation window (minutes): 

30 

Computer role: 

BACKUP 

The command completed successfully. 

c : \use rs\Admi ni st rator>ntdsuti 1 

ntdsutil: roles 

fsmo maintenance: connections 



8. Type Connect to server SYS1 (ADC System name) and Press Enter. 

m Administrator: C:\Windows\system32\rmd.exe - ntdsutil 


c:\users\Admini st rator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

Computer role: backup 

The command completed successfully. 


c:\users\Admi ni strator>ntdsuti 1 

ntdsutil: roles 

fsmo maintenance: connections 

server connections: connect to server sysl 
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9. Type: Quit 


m 


Administrator C:\Windows\system32\cmd.exe - ntdsutil 


c:\users\Admini st rator>net accounts 

Force user logoff how long after time expires?: 

Minimum password age (days): 

Maximum password age (days): 

Minimum password length: 

Length of password history maintained: 

Lockout threshold: 

Lockout duration (minutes): 

Lockout observation window (minutes): 
computer role: 

The command completed successfully. 


Never 

1 

42 

7 

24 

Never 

30 

30 

BACKUP 


C:\Users\Admi ni strator>ntdsuti 1 

ntdsutil: roles 

fsmo maintenance: connections 

server connections: connect to server sysl 

Binding to sysl . . . 

connected to sysl using credentials of locally logged on user 
server connections: quit 


10. Type Help(or)? To view the available syntax. 


Ci 


Administrator C:\Windows\system32\cmd.exe - ntdsutil 


smo maintenance: 


connections 

Help 

Quit 

seize infrastructure master 
er 

seize naming master 
r 

Seize PDC 
Seize RID master 
Seize schema master 
Select operation target 


Transfer infrastructure master - 


- Show this help information 

- connect to a specific ad dc/u 

- show this help information 

- Return to the prior menu 

- overwrite infrastructure role 

- overwrite Naming Master role ( 


Overwrite PDC role on connects 
Overwrite RID role on connectf 
Overwrite schema role on conne 
Select sites, servers, domain: 
naming contexts 
Make connected server the ini 


Transfer naming master 
Transfer PDC 
Transfer rid master 
Transfer schema master 


Make connected server the nami 
Make connected server the PDC 
Make connected server the rid 
M ake connected server the schc 


fsmo maintenance 
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11. Type Seize infrastructure master and Press Enter. 


Administrator C:\WindowsVsystem32\cmd exe - ntdsutil 


Ifsmo maintenance: ? 


connections 

Help 

Quit 

seize infrastructure master 
ler 

Seize naming master 
|r 

Seize PDC 
Seize RID master 
Seize schema master 
Select operation target 


show this help information 
connect to a specific ad dc/li( 
show this help information 
Return to the prior menu 
overwrite infrastructure role 


- Overwrite Naming Master role q 


Overwrite PDC role on connecte 
Overwrite RID role on connecte 
Overwrite schema role on conne 
Select sites, servers, domains 


naming contexts 

Transfer infrastructure master - Make connected server the inH 


Transfer naming master 
Transfer pdc 
T ransfer rid master 
Transfer schema master 


Make connected server the nami 
Make connected server the pdc 
M ake connected server the RID 
Make connected server the schd 


fsmo maintenance: Seize infrastructure master. 


12. Click YES. 
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13. Type Seize naming master and Press Enter. 


m Administrator; C:\Windows\system32\cmd.exe - ntdsutil 


fsmo maintenance: Seize infrastructure master 

Attempting safe transfer of i nf rastructure FSMO before seizure. 

ldap_modify_sW error 0x34(52 (unavailable). 

Ldap extended error message is 000020AF: SvcErr: DSID-032103C7, 
AVAILABLE), data 8524 

Win32 error returned is 0x20af(The requested FSMO operation fai 
FSMO holder could not be contacted.) 

) 

Depending on the error code this may indicate a connection, 
ldap, or role transfer error. 

Transfer of infrastructure FSMO failed, proceeding with seizure 
Server "sysl" knows about 5 roles 

Schema - CN=NTDS Setti ngs ,CN=SYS2 ,CN=Servers ,CN=Default-Fi rst-5 
, CN=Confi gurati on , DC=Mi crosoft , DC=com 

Naming Master - CN=NTDS Setti ngs, CN=SYS2,CN=Servers,CN=Default- 
N=si tes , CN=Conf i gu r at i on , DC=Mi crosoft , DC=com 
PDC - cn=ntds Settings, CN=SYS2,CN=servers,CN=Default-First-site 
=Conf igurat i on , DC=Mi crosoft , DC=com 

RID - CN=NTDS Setti ngs , CN=SYS2 , CN=Servers , CN=Defaul t-Fi rst-Si te 
=Conf igurati on , DC=Mi crosoft , DC=com 

Infrastructure - CN=NTDS Settings, CN=SYSl,CN=Servers,CN=Default 
CN=Si tes , CN=Conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: Seize naming master^ 


14. Click YES 



15. Type Seize PDC and Press Enter. 


®i Administrator; CAWindows\system32\cmd.exe - ntdsutil 


Win32 error returned is Ox20af(The requested fsmo operation fai 
FSMO holder could not be contacted.) 

) 

Depending on the error code this may indicate a connection, 
ldap, or role transfer error. 

Transfer of domain naming FSMO failed, proceeding with seizure 
Server "sysl" knows about 5 roles 

Schema - cn=ntds Setti ngs, cn=sys 2 ,CN=servers ,CN=Default-Fi rst-s 
, CN=Conf i gu rati on , DC=Mi crosoft , DC=com 

Naming Master - CN=NTDS Settings, CN=SYSl, CN=Servers ,CN=Default- 
N=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 

PDC - CN=NTDS Setti ngs, CN=SYS2,CN=Servers,CN=Defaul t-Fi rst-Si te 
=conf i gurati on , DC=Mi crosoft , DC=com 

RID - cn=ntds Setti ngs , cn=sys 2 , CN=serve rs , CN=Defaul t-Fi rst-si te 
=conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - CN=NTDS Setti ngs, CN=SYSl,CN=Servers ,CN=Default 
CN=Si tes , CN=Conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: seize pdc 
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16. Click Yes 



17. Type Seize RID Master and Press Enter. 


as Administrator: C:\Windows\system32\cmd exe - ntdsutil 


=Conf i gurat i on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds settings ,CN=SYSl,CN=servers ,CN=Defauli 
CN=si tes , CN=conf i gurat i on , DC=Mi crosoft , DC=com 
fsmo maintenance: Seize PDC 

Attempting safe transfer of PDC FSMO before seizure. 

1 dap_modi f y_sw error 0x34(52 (Unavailable). 

Ldap extended error message is 000020AF: SvcErr: DSID-032105B1, 
AVAILABLE), data 8524 

Win32 error returned is 0x20af(The requested fsmo operation fai 
FSMO holder could not be contacted.) 

) 

Depending on the error code this may indicate a connection, 
ldap, or role transfer error. 

Transfer of PDC FSMO failed, proceeding with seizure ... 
server "sysl" knows about 5 roles 

schema - cn=ntds settings, CN=SYS2,CN=servers,CN=Default-First-' 
, CN=confi gu rati on , DC=Mi crosoft , DC=com 

Naming Master - CN=NTDS Settings, CN=SYSl,CN=Servers ,CN=Default- 
N=Si tes , CN=Conf i gu rati on , DC=Mi crosoft , DC=com 

PDC - cn=ntds Settings ,CN=SYSl,CN=servers,CN=Default-Fi rst-site 
=Conf i gurat i on , DC=Mi crosoft , DC=com 

rid - cn=ntds setti ngs , cn=sys 2 , CN=servers , CN=Defaul t-Fi rst-si te 
=conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds Settings ,CN=SYSl,CN=servers ,CN=Default 
CN=Si tes , CN=Conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: Seize RID master.. 


18. Click YES 
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19. Type Seize Schema Master and Press Enter. 


m Administrator: C:\Windows\system32\cmd.exe - ntdsutil 


ldap, or role transfer error. 

Transfer of rid FSMO failed, proceeding with seizure ... 
Searching for highest rid pool in domain 
Server "sysl” knows about 5 roles 

schema - cn=ntds setti ngs , cn=sys 2 ,CN=servers ,CN=Default-Fi rst-s 
, CN=Conf i gu rati on , DC=Mi crosoft , DC=com 

Naming Master - cn=ntds settings, CN=SYSl,CN=servers ,CN=Default- 
N=si tes , CN=Conf i gurati on , DC=Mi crosoft , DC=com 

PDC - CN=NTDS Settings, CN=SYSl,CN=Servers,CN=Default-First-Site 
=conf i gurati on , DC=Mi crosoft , DC=com 

RID - CN=NTDS Setti ngs , CN=SYSl, CN=Serve rs , CN=Defaul t-Fi rst-Si te 
=Conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds setti ngs, CN=SYSl,CN=servers,CN=Default 
CN=Si tes , CN=Conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: seize schema master. 


20. Click YES 



21. Type Quit and press Enter 


H Administrator: C\Windows\system32\cmd.exe - ntdsutil 


Depending on the error code this may indicate a connection, 
ldap, or role transfer error. 

Transfer of schema FSMO failed, proceeding with seizure ... 
server "sysl" knows about 5 roles 

Schema - CN=NTDS Settings ,CN=SYSl,CN=Servers ,CN=Default-Fi rst-5 
, CN=Conf i gu rati on , DC=Mi crosoft , DC=com 

Naming Master - cn=ntds settings, cn=sys 1, CN=servers, CN=Default- 
N=si tes ,CN=confi gurati on ,DC=Mi crosoft ,DC=com 

PDC - CN=NTDS Setti ngs, CN=SYSl,CN=Servers,CN=Defaul t-Fi rst-Si te 
=Conf i gurati on , DC=Mi crosoft , DC=com 

rid - cn=ntds setti ngs , cn=sys 1, CN=servers , CN=Default-Fi rst-Si te 
=Conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds Setti ngs, CN=SYSl,CN=Servers ,CN=De fault 
CN=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: quit. 
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22. Type Quit and Press Enter. 


to Administrator: C:\Windows\systern32\cmd.exe - ntdsutil 


Server "sysl" knows about 5 roles 

Schema - CN=NTDS Setti ngs ,CN=SYSl,CN=Servers ,CN=Default-Fi rst-S 
,CN=confi gurati on , DC=Mi crosoft ,DC=com 

Naming Master - CN=NTDS Setti ngs, CN=SYSl,CN=Serve rs ,CN=Default- 
N=sites , CN=configurati on ,DC=Mi crosoft , DC=com 

pdc - cn=ntds setti ngs, CN=SYSl,CN=Servers,CN=Defaul t-Fi rst-Si te 
=conf i gurati on , DC=Mi crosoft , DC=com 

RID - CN=NTDS Setti ngs , CN=SYS1 , CN=Serve rs , CN=Defaul t-Fi rst-Si te 
=conf i gurati on , DC=Mi crosoft , DC=com 

Infrastructure - CN=NTDS Settings ,CN=SYSl,CN=Servers ,CN=Default 
CN=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: quit 
ntdsutil: quit. 


Verification: 


1. Type Net accounts and Press Enter 


2. Computer role of Additional Domain Controller will be converted to Primary. 


OS Administrator: C:\Windows\system32\cmd exe 


Naming Master - cn=ntds Settings, CN=SYSl,CN=servers,CN=Default- 
N=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 

PDC - CN=NTDS Settings, CN=SYSl,CN=Servers ,CN=Default-Fi rst-Site 
=Conf i gurati on , DC=Mi crosoft , DC=com 

RID - CN=NTDS Setti ngs , CN=SYSl, CN=Serve rs , CN=Defaul t-Fi rst-Si te 
=Conf i gurati on , DC=Mi crosoft , DC=com 

infrastructure - cn=ntds setti ngs ,CN=SYSl,CN=servers ,CN=Default 
CN=si tes , CN=conf i gurati on , DC=Mi crosoft , DC=com 
fsmo maintenance: quit 
ntdsuti 1 : quit 


c:\users\Admi nistrator>net accounts 

Force user logoff how long after time expires?: Never 

Minimum password age (days): 1 

Maximum password age (days): 42 

Minimum password length: 7 

Length of password history maintained: 24 

Lockout threshold: Never 

Lockout duration (minutes): 30 

Lockout observation window (minutes): 30 

Computer role: PRIMARY 

The command completed successfully. 


C:\Users\Admi ni strator> 
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Lab - 31: Applying Group Policy on Organizational Unit Level 


Objective: 

To apply group policies on a particular OU 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Press Windows Key to go to Start, select Group Policy Management. 


Start 



Administrator ^ 

& 

W 


T 


Server Manager 

Window* 

PowcrShell 

Ad ri initiative Active Directory 

Took Users and.. 

Active Drectory 
Module for- 


Q I 

m 

rf 

a 


Computer 

Tadc Manager 

Active Directory 

Sites ar.d. 

Active D rectory 

domains and. 


W 

£ 

■ 

* 


Centre! Panel 

Internet Explorer 

Active Directory 
Administrative.. 

ADS! Edit 




* 

* 

ur 

JML 


Desktop 

— - 

Group Pokey 
Management 

DNS 







2. Right click OU (Sales) -^Create a GPO in this domain and Link it here. 


j£ File Action View Window Help 

*+| m\ km a h es 


Group Policy Management 


Group Policy Management 
a Forest; microsoftcom 
^ Domains 
•« microsoft.com 

Default Domain Policy 
t> aj Domain Controllers 
sales 
t> j Grou 


> £, WMI 
t> .3 Starts 
r Sites 
if? Group Poli 
IS Group Poli 


sales 


Linked Qwp Policy Objects | Group Pokey Inhentance | Delegation 

Lirktirder GPO Enforced Link Enabec 


GPO Statu: 


Create a GPO in this domain, and Link it here .. 


Link an Existing GPO... 

Block Inheritance 
Group Policy Update- 
Group Policy Modeling Wizard- 
New Organizational Unit 
View 

New Window from Here 

Delete 

Rename 

Refresh 

Properties 

Help 
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3. Enter any name to GPO Link (Ex: Remove Computer Icon) and click OK. 



Right Click created GPO Link Edit 


> 



Group Policy Management 

-i“Jx | 

jk File 

Action View 

Window Help 


-I* 

«■*! 

*i Tl| K |g| 

B T 




a Group Policy Management 
•* A forest mtcrosoftxom 
* ft Domains 

microsoft.com 
si' Default Domain Policy 
l> £1 Domain Controllers 
-i - ,ales 

. Remove Computer ko n 
r -V Group Policy Objects 
t> _* WMI Fitters 
3 Starter GPOs 
t» Sites 

•«> Group Policy Modeling 
2 -.. Group Policy Results 


Open the GPO editor 


Remove Computer Icon 


s™** Eoali Secnsi [<lm' 
Ms 

Qvlsy inks h Ihs iocdion: 




he 1 aliasing ilM dMBhc, 3rd OUl n liKed I. Ins GPO 

Location 

£ safes 


BVqned 

Mo 


Lrt< &i atkti 
res 


Pdh 

nrrvtt zyr vir? 


Edit.. 


Enforced 
Link Enabled 
Save Report.. 

View 

New Window from Here 

Delete 

Rename 

Refresh 

Help 


the folcwrs gnxiJS. users a n d -cwputrrs 


Ado 






WMI Hit wing 

TH» GPO is frtwi to *.h* fdtawing WW Sltf 


Op r> 


In Group Policy Management Editor Window, Go to User Configuration Policies 
Administrative Templates -^Desktop. 
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Select a policy (Remove Computer icon on the Desktop) on right side of the screen. Right Click 
and select Properties. 



Group Policy Management Editor 

^itrj x| 

File Action View Help 

+ * fiH Li| □ 3 7 




Remove Computer Icon [SYS1.MICR 

■* (fr Computer Configuration 
I- 3 Policies 
l> 3 Preferences 
■t >& User Configuration 
j ■ Policies 

i- 1 Software Settings 
t Windows Settings 
* 3 Administrative Templates; I 
t- 21 Control Panel 
(• Li Desktop 
ii J Network 
U Shared Folders 
l- fi Start Menu and Taskbar 
> LI System 

t- _ Windows Components 
All Settings 
(• Preferences 


Desktop 


Remove Computer icon on 
the desktop 

Edit 1 : Dill V 1 i ll -.1 

Requirements: 

At least Windows Server 
2003 operating systems or 
Windows XP Professional 

Description: 

This setting hides 
Computer from the 
desktop and from the new 
Start menu It also hides 
links to Computer in the 
Web view of all Explorer 
windows, and it hides 
Computer in the Explorer 
folder tree pane. II the user 
navigates into Computer 
via the "Up' button while 
this setting is enabled, they 
view an empty Computet 
folder This setting allows 
administrators to restrict 
their users from seeing 

■ Extended .Standard 


Setting 

' Active Directory 
2* Desktop 

;• Prohibit User from manually redirecting Profile ... 
£ Hide and disable all items on fhe desktop 
£ Remove the Desktop Cleanup Wizard 
: Hide Internet Explorer icon on desktop 


Remove Computer icon on the desktop 


r Remove My Documents icon on the desktop 
i Hide Network Locations icon on desktop 
£ Remove Properties from the Computer icon con._ 
v Remove Properties from tne Documents icon co 
U Do not add shares of recently opened documen.. 
£ Remove Recycle Bin icon from desktop 
h Remove Properties from the Recycle Bin contex, 
£ Don't save settings at exit 
£ Turn off Aero Shake window minimizing mouse 
Prevent adding, dragging, dropping and closing... 
£ Prohibit adjusting desktop toolbars 


State 


Not configu,. 
Not configu,. 
Not configu .. 
Not configu... 


Not configu. 


Not configu... 
Not configu... 
Not configu .. 
Not configu,. 
Not configu... 
Not configu .. 
Not configu... 
Not configu,. 
Not configu .. 
Not configu,. 
Not configu,. 


Cor 


16setting(s) 


7. Select Enabled option and click Apply and OK. 
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1. Logon to client system as sales OU user (si) and verify the changes because of the policy. 




si 


Network 


If 

Recycle Bei 


V 


Control Per* 1 

S3 Windows Server 2012 

i l tj 

1 
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Lab - 32: Applying Group Policy on Domain Level 


Objective: 

To apply policies which will affect the complete domain 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Member Server / Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Press Windows Key to go to Start, select Group Policy Management. 


Start 



Administrator ^ 


w 

& » 

w 


Server Manager 

WirnkM* 

PowcrShell 

AdmiraUfabwe Active Directory 

Tools Lasers and .- 

AOive Directory 
Module for. 


Q 


iff 

3 


Computer 

TaA Manager 

Actwe Dveclory 
Sites and. 

Act** Drectory 
Domains and. 


V 

0 

1 



Control Panel 

Interne: Explorer 

Active Directory 
Adrrinistratve- 

ADSI Edit 




m 

* 




F • 

M 


Desktop 


Group Pokey 
Management 

DNS 







2. Right click Domain name (MICROSOFT.COM) and select Create a GPO in this domain and Link 
it here. 


Group Policy 


^1*1 


_a File Action View Window Help 

a[®J □! (3 s B 3 


\Ai 


ji Group Policy Management 
A Forest: microsoft.com 

u jb Domains 

■< fi microsoft.com 


Default Dor 
b aj Domain Coi 
b i sales 
b j Group Polio 
b 4 WMI Filters 
3 Starter GPO 
t U Sites 
iiS Group Policy Modi 
i Group Policy Resu 


microsoft.com 


3»tui _rv.od Gnus Pslcy Oases | Gro.p Pdc, hharance [ Z«lco3»:n 
~ i. u.w ttOMbb statLcc f Axve Dlvcron u d SV3'.C.O : :F' opUdt jil» ;t»» ju-i.ii da r. reiaea lo 3xua Pjlnr 


Create a GPO in ttiis domain, and Link rt here.. 
Link an Existing GPO... 

Block Inheritance 

Group Policy Modeling Wizard. 

New Organizational Unit 
Search . 

Change Domain Controller- 
Remove 

Active Directory Users and Computers... 

View 

New Window from Here 

Refresh 

Properties 

Help 


»an conr rd«r forth* <*vn-r 


Chg-op 


oirar 

tnjetue n'.aL.v from J </ Iftw don «i r i ccn’.'W* n lh« ctofnali 


Detect Nw 


Create a GPO in this domain and link it to this container 
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3. Enter New GPO Link name Ex: Remove Network Icon and click OK. 



4. Select the Created GPO Right Click Created GPO -> Select Edit. 


Jk 

Group Policy Management 

| - |0 | 

x | 

ti File Action View Window Help 


[T 


*«► X A Q Tf 


i Group Policy Management 

4 A Forest microsoft com 

4 ft Domains 

4 f3 microsoftcom 

. Default Domain Policy 

, Remove Access to Control Panel 

Remove Access to Control Panel 

Scopfc Details | Setongs Delegation 

Links 

Display links in tuslo 

1 ha following sites, d 


cal ' on |mici030ltcom v 

□mains, and OUs are [ inked to is GPO 

l- £) Domain Controllers 

!• 4 1 Sales 

r Group Policy Objects 
\f ik WMI Filters 
\r 2 Starter GPOs 

Edit- 

Enforced 

✓ Link Enabled 

Save Report- 

View * 

New Window from Here 

Enforced LmkEnabled Path 

No Yes microsoft com 

v i (Si Sites 

& Group Policy Modeling 
• Group Policy Results 

III _[>_ 

Delete 

Rename 

■>0 can only apply to Ihe toP owing groups, users, and computers 


Refresh 

Help 

: 

IP 

•r; 


5. In the Group Policy Management editor window. Go to User Configuration -^Policies 
-^Administrative Templates Control Panel 


6. Select a policy (Prohibit Access to Control Panel and PC Settings) right side of the screen, 
Right Click and select Properties. 


Group Policy Management Editor 


- a 


file Action yiew Help 

*+ a ml T 

Remove Access to Control Panel 
4 A* Computer Configuration 
s 2 Policies 
v fl. Preferences 
4 A User Configuration 
4 iC Policies 

V SE Software Settings 
v I Windows Settings 
4 Administrative Templatr 
i ■. Control Panel 
s m. Desktop 
F 13 Network 
13 Shared Folders 
r 31 Start Menu and Taskt 
V C System 

s S3 Windows Componen 
7- All Settings 
v t Prelerences 


Control Panel 




< hi 
4 setting(s) 


Prohibit access to Control 
Panel and PC settings 

Edit ul-I'Cv setting 

Requirements 
At least Windows 2000 

Description: 

Disables all Control Panel 
programs and the PC 
settings app 

This setting prevents 
Control exe and 
SyslemSettingsexe. the 
program files for Control 
Panel and PC settings, from 
starting. As a result users 
cannot start Control Panel 
or PC settings, or run any of 
their items 

This setting lemoves 
Control Panel from: 

The Start screen 

Extended * Standard j 


Setting State 

X Add or Remove Programs 
i. Display 

2 Personalization 
; Printers 

3 Programs 

3 Regional and Language Options 

£ Hide specified Control Panel items Not configured 

: Always open All Control Panel Items when opening Co Not configured 


Show only specified Control Panel items 


Not configured 
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7. Select Enabled option and click Apply and OK 



Verification: 

1. Login as User (SI) to Client or Member Server and try to access Control Panel. 




Cnmpurrr 




Network 




Recycle B*n 


Control Pe/’rt 


Restrictions 


O ThiS operation hsi been cancelkd due to restrictions in effect on this compute Pkate 
contact your system adm.nistietor 


Windows Server 2012 


Windows Server 2012 Standard 
Build 9200 
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Lab - 33: Applying Group Policy on Site Level 


Objective: 

To apply policies according to locations 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Go to Start, Group Policy Management Right click Group Policy Objects-^ Select New. 


Group Policy Management 


File Action View Window Help 

•>* 5 


w\ □ & Qi 

Group Policy Management 
j A Forest: microsoft com 
* 4k Domains 

j microsoft.com 

a Default Domain Policy 
a Renxrve Network Icon 
t - Domain Controllers 
o B sales 

t; j Group Policy Objects 
1- r WMI Filters 
3 Starter GPOs 
r a Sites 

rfS Group Policy Modeling 
l S: Group Policy Results 


Group Policy Objects in microsctt.com 


Contents DstejatOT 



GPO Statjs 

WM ftter 

ModHed 

jjf Der'aut Cbnan Controller! Palcy 

Enabled 

Nona 

5/7. -201 3 10 35:51 

_j Cor cut Donah Polcy 

Enabled 

None 

5/7/2011 10:35:5^ 

* Pemo/e Computer Icon 

Enabled 

None 

5/7,2013 11:19:5: 

\ Ferro/e VletAo^k bon 

Enabled 

None 

5/7,201311.27.21 


New 
BackUp All... 

Manage Backups... 

Open Migration Table Editor 
View 

New Window from Here 

Refresh 

Help 


2. Enter New GPO Link name Ex: Remove Recycle Bin and click OK. 
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3. Select the Created GPO Right Click Created GPO Select Edit. 


File Action View Window Help 

** ate] «i Us 

Ji Group Policy Management 
v A Forest: mia050ft.com 
* * Domains 

d Si microsoftcom 

. i Default Domain Policy 
y’ Remove Network Icon 
& - Domain Controllers 
b \i sales 

t> j Group Policy Objects 
t> U WMI Filters 
3 Starter GPOs 
b a Sites 

*£) Group Policy Modeling 
i a Group Policy Results 


Group Policy Management 


I I M 

LJii* 


Croup Policy Objects in microeoft.com 


j Z'dbOd-.ijr 


Sanv * GPd StaLir WMi Hv 

v Detajt Doron Cortrol <rs Potcy Enabled None 

I Cwfdut Owian Poles Enabled Nore 

=f Remove Computer Icon Enabled None 

jf Renew Wetwoik Icon Billed None 

Edit 

GPO Status 
Back Up- 

Restore from Backup.. 

Import Settings.. 

Save Report.. 

Copy 
Delete 
Rename 
Refresh 


Own* 

5/7/2013 1036 54 Donon 
5/7/2013 10-36.54 .. DoniMi Adrlrc . 
5 / 7 / 2 OI 3 1 1 19 53 t/ynvr 
5/7/201 3 1 1 2721 .. Doman Mrtrt 

nWMHIBMEBSESa 


S Group Policy Objt 


4. Select User Configuration -> Policies -> Administrative Templates -> Desktop, select Remove 
Recycle Bin icon from desktop. 


Group Policy Management Editor 


I I M 


File Action View Help 

<■«* ate! a □ 


j Remove Recycle Bin [SYSt MICROSr 
a * Computer Configuration 
b 9 Policies 
b ll Preferences 
a A User Configuration 
a 9 Policies 

v Di Software Settings 
b J Windows Settings 
a 9 Administrative Templates: 
i- 1 Control Panel 
b 1 Desktop 
b 31 Network 
9 Shared folders 
b Cj Start Menu and Taskbar 
b 9 System 

b 9 Windows Components 
■_ All Settings 

b ' Preferences 


Desktop 


Remove Recycle Bln kon 
from desktop 

Edit pc ry setting 

Requirements: 

At least Windows Server 
2003 operating systems or 
Windows XP Professional 

Description: 

Removes most occurrences 
of the Recycle Bin icon. 

This setting removes the 
Recycle Bin icon from the 
desktop, from File Explorer, 
from programs that use Ihe 
File Explorer windows, and 
from the standard Open 
dialog box 

This setting does not 
prevent the user from using 
other methods to gain 
access to the contents of 
fhe Recycle Bin folder. 


> j|\ Extended ^Standard ] 


Setting 

3 Active Directory 
A J Desktop 

lUi Prohibit User from manually redirecting Profile .. 
[S3 Hide and disable all items on the desktop 
Remove the Desktop Cleanup Wizard 
iD Hide Internet Explorer icon on desktop 
: Remove Computer icon on the desktop 
iti Remove My Documents icon on Ihe desktop 
i l£| Hide Network Locations icon on desktop 
: I Remove Properties from the Computer icon coo. 
iLi Remove Properties from Ihe Documents icon co_. 
: , Do not add snares of recently opened documen. 


State 


Not configu 
Not configu 
Not configu. 
Not configu. 
Not configu 
Not configu 
Not configu 
Not configu. 
Not configu. 
Not configu 


Not conligu.. 


jij Remove Properties from the Recycle Bin contex.. Not configu 
it "i Don't save settings at exit Not configu. 

iLJ Turn off Aero Shake window minimizing mouse ... Not configu 
: , Prevent adding dragging dropping and dosing.. Not configu. 
I Prohibit adjusting desktop toolbars Not configu. 


[Remove Recycle 8111 icon Irorn desktop 


Cor 


16 settmg(s) 
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Right click Remove Recycle Bin icon from desktop^ Properties, select Enabled OK Close. 


Remove Recycle Bin icon from desktop 


— 


n Remove Recycle Bin icon from desktop 


Lre/iousSettng 


Slext Setting 


O Not Configured 
•' Ena Died 
C 1 Ciabea 


Options 


Comment: 


Supported on. vyindcmA Server 2003 operating vysterm or Window* XP Profevvional 


Help 


Removes most occurrences of the Rec/ck Sin kon. 

T hrs setting removes the Recycle Bin icon from the desktop, 
from File Fsplorer fiom programs that me the File Fiplorei 
windows, and from the standard Open dialog box 

T hrs setting does not prevent the user from using other method* 
to gain ace*** to the contents of the Recycle Bin folder 

Note T o make change to this :ctt ng effective, you must log off 
end then log back on. 


OK 


Cancel 


Apply 


Right click Sites-^select Show Sites-^check Default-First-Site-Name-> click OK-> Right Click 
Default-First-Site-Name“> select Link an Existing GPO.... 


Group Robey Mdrwgeroeot 


- a 


File Action View Window Hetp 

>«e| 8 t^I & u 


l-l' 


Sites 


Corterte 


jL Group Policy Management 
‘ A Forest miorosoftcom 
* A Domains 

‘ fl miaosolLcom 

w'J Default Domain Policy 
inf Remove Network kon 

> £ Domain Controllers 
s £ sales 

t J Group Policy Ob)ects 

> i WMI Filters 
-2 Starter GPOs 

p a Sites 

■t? Group Active Directory Sites and Services- 

Grouc Snow Sites- 


Change Domain Controller 
View 

New Window from Here 

Refresh 

Help 


Choose sites to display within the console 
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7. Select an existing GPO, (Remove Recycle Bin) click OK. 


Select GPO 


x 


Look in this domain: 

miCTOSoft.com v 


Group Policy objects: 

Name ‘ 

Default Domain Controllers Policy 
Default Domain Policy 
Remove Computer Icon 
Remove Network Icon 


Remove Recycle Bin 


OK 


Cancel 


Verification: 

1. Login as a user to Client or Member Server, and Verify for the changes. 
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Lab - 34: Applying Group Policy Modeling 


Objective: 

To generate reports about polices applied on users and ou 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server or Windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Go to Group Policy Management Right Click Group Policy Modeling and Select Group 
Policy Modeling Wizard. 


a 


i File Action View Window Help 

fils! B S3 


Group Policy Management 


I I M 

- I e 


j, Group Policy Management 
' A Forest microsoft.com 
I- Domains 
t l« Sites 

i". Group Policy Modeling 
l - Group Policy Results 


Group Policy Modeling 


Cartels j 

Save ' 


User Cc'CLtai 


Loll Rdnert Date 


Group Policy Modeling Wizard. 
View 

New Window from Here 
Help 


Launch the Group Policy Modeling Wizard 


2. Click Next. 


Group Policy Modeling Wizard 

Welcome to the Group Policy 
Modeling Wizard 

This wizard helps you simulate a policy deployment for 
planning and testing purposes. By specifying the domain 
controller, users, security group membership, location, and 
WMI filter status, you can model the resulting set of policy of 
any configuration. 


To continue, dick Next 


c Back 

i Next? j 


Cancel 
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3. Select the domain name and click Next. 


Group Policy Modeling Wizard 

Domain Controller Selection 

You must specify a domain controller to use for performing the simulation 


■I 


The smulation performed by Group Policy Modeling must be processed on a domain controller running 
Windows Server 2003 or later 

Show domain controllers in this domain 

microsoft.com v 

Process the simulation on this domain controller: 

(§• Any available domain controller running Windows Server 2003 or later 
O This domain controller: 


Name 

▲ 

Site 

sysl microsoft com 


Default -First-Sit e-Name 


< Back 

Next > 


Cancel 


4. Select User and click Browse enter the Username (Sl)-> click OK and Next. 
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5. Select the site (Default-First-site-Name) and check skip to final page, click Next. 



6. Click Next^ Finish. 


Verification: 


1. Click Details on the summary page and verify the policies applied on the User. 


a ■ i 

Group Policy Management 

--1*1*1 

_a £ile Action View Window Help 


-k 


** filial XI H 3 

j» Group Policy Management 
A forest microsoft.com 
t- A Domains 
I- i* Sites 

-i i K- Group Policy Modeling 
1 Group Policy Results 


si 


Sumnuiy DrtoU | Ojw . 
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Lab - 35: Applying Software Deployment Policy 


Objective: 

To provide software to users through network 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Logon to D.C as Administrator, Create a Shared folder with (.msi) applications in it 

2. Go to Group Policy Management. 


Start 


L 

Server Manager 

w 

W.ikJujw 

Pwcf Shell 

a 

Adrnir* Or alive 
Took 

Q 

Computer 

Ta:k Manager 


W 

Cootie! Panel 

0 

Internet Explorer 


Desktop 




Administrator ^ 




Active Directory 
Jzcrz and - 

w 

Active Directory 
Module for- 


it 


Active Directory 
Sites and- 

Active Directory 
Domains and- 

i 

* 

Active Directory 
Administrative.. 

ADSI Edit 

P 

t 

jIl 

Group Pokey 
Management 

DNS 


3. Right click OU (Salesl) -^Create a GPO in this domain and Link it here Enter the name 
(Software Deployment) click OK, Right click the policy and click Edit. 
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4. User Configuration Expand Policies Expand Software settings Right click Software 
Installation Select New - ^ Package 

Group Policy Management Editor 

File Action View Help 


a [c| u <s j-I u a 


software deployement 1SVS1.MICR 
A 1 Computer Configuration 
r 3 Policies 

F Preferences 
r* User Configuration 
a S Policies 

•* l 2 Software Settings 

3 Software installation 

Name 

Vers. Deploymen... Source 

There are no items to show in this view 

> J Windows Settings 
t> C3 Administratis Templat 
t j Preferences 

New » 

Package.. 


View * 

Paste 

Refresh 

Export List... 

Properties 

Help 



5. From the left pane, select Network, OpenSYSl (Server containing shared folder). 




MCSE Lab Manual 


Page | 200 


www.zoomgroup.com 




6. Select the MSI Softwares Shared Folder-^ click Open. 



7. Select the Application Folder (Power Point Viewer) click Open. 



0 
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8. Select the Application (PPVIEWER) click Open. 



9. Select the Method to Deploy Application (Published) and click OK. 

Deploy Software 

Select deployment method; 

• jFubiig hiiitij 
O Assigned 
O Advanced 


Select this option to Publish the application without modifications. 


OK 


Cancel 
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Verification: 
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1. Go to Member Server and login as userl. 

2. Go to Control Panel, click Programs and Features. 

3. Click Install a Program from the Network, Select the Application and Install 


Get Programs 


* t fl > Control Panel ► Programs ► Get Programs 


v C c,earr\ 


Control Panel Home . . „ , , 

Install a program from the network 

Uninstall c program To install a program, select it from the list and then elicit Install. 

^ Turn Windows features on or 
Of* 

Organize * Install 


Mame 


■ Microsoft PowerPoint Viewer 


Install 
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Lab - 36: Applying Scripts using Group Policy. 


Objective: 

To deploy scripts using group policies 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 


1. Log on to D.C, create a Shared Folder User Scripts with Everyone as Read/write. 

2. Go to Start, type Notepad in Search Apps, and select Notepad. 

3. Enter the text wscript.echo "Welcome to Microsoft" 


3 

Untitled - Notepad 

File Edit Format View Help 



wscript . echo"welcome to microsoft" 


4. Save the file in the Shared folder User Scripts as Logon.vbe 

5. Go to Group Policy Management Right click OU (Salesl)-^ Create a GPO in this domain and 
Link it here and enter the name Script, click OK, Select the GPO Right Click and select Edit. 


ft 



Group Policy Management 

- u 1 x | 

j File 

Action View 

Window Help 


LI 19 

4>+| 

'i;r x • 

H 3 




Group Policy Management 
■< A Forest: miCTOsoft.com 
•< js Domains 

■* & miCTOsoft.com 

Default Domain Policy 
Remove Network Icon 
t> £ Domain Controllers 
•* i sales 

a scripts 
t> A Group Pol 

l> WMI F liter. Fr)forced 

» 3 Starter GP^J Link Enabled 
l . j Sites 

f Group Policy Mo 
1 Group Policy Res 


scripts 

Scope j Ddpli Spnrifis I ObkigulLr 

Links 

Duplay lrt<» n tht location 
Thafolcivrcatw a^d OUs ars Inkad to th« GPO 


Ticnscrft cor 


- talm 


Err! arced 
to 


L irk Ere&leC 

y« 


p«*.h 


Edit. 


Save Report- 
View 

New Window from Here 

Delete 

Rename 

Refresh 

Help 


PD can on I, appty lo the Idbwng grips twy arc! camci/Jer* 


Re m ove 


WMI I Meting 

The GPO is Inked la the folowrig WMI flier 


Open the GPO editor 
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6. Expand User Configuration-^ Expand Policies-^ Windows Settings Scripts Logon 

-^Properties. 


m 


Group Policy Management Editor 


1 


File Action View Help 

+ #| H j»| B m 

if scripts ISYS1.MICROSOFT.COM] Poli 
a Computer Configuration 

> Policies 

> l 3 Preferences 
a 9 ?, User Configuration 

* IB Policies 

t LL Software Settings 
a £ Windows Settings 

Scripts (LogorVLogoff) 
t> a Security Settings 
l> _J Folder Redirection 
t «iu Policy-based QoS 
t d Administrative Templates: Pc 
V £3 Preferences 


Scripts (Logon/logcffj 



Logon 

Display Properties 
Description: 

Contains user logon scripts. 


Name 


Logon 

Properties 

Logoff 


Help 


7. Click Add. 



8. Enter the UNC path for the Script in the shared folder \\SYSl\Userscripts\logon.vbe and click 
0IO Apply and OK. 

Verification: 


1. Go to Member Server and login as USER1 and verify for the Message. 



MCSE Lab Manual 


Page | 206 


www.zoomgroup.com 








ZOOM 


TECH NOLOGIE! 


Lab - 37: Applying Folder Redirection using Group Policy 


Objective: 

To redirect folders of users to servers 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 


MCSE Lab Manual 


Page | 207 


www.zoomgroup.com 


0 



ZOOM 


.TECHNOLOGIES. 


Steps: 

1. Go to D.C, create a Shared Folder (Folder Redirection) with everyone Read/Write. 

2. Press Windows Key to go to Start, select Group Policy Management. 


Start Administrator ^ 


L 

T 

4 

♦ 

W 

Server Manager 

WindovM 

PowcfShell 

Administrative 

Took 

Active Directory 
Users and - 

Active Directory 
Module for- 

Q 

m 


if 

a 

Compute^ 

Tadc Manager 


Active Directory 
Sites and. 

Active Directory 
Domains and- 

W 

0 



* 

Control Panel 

Internet Explorer 


Active Dir«ctory 
Administrative- 

AOSI Edit 




E 

jIl 

Desktop 



Group Pokey 
Management 

DNS 


3. Right click OU (Sales)-> Select Create a GPO... 


m 


a File Action View Window Help 

t— ► iB j x Ba 

Group Policy Management 
•* A Forest mtcrosof1.com 
• £ Domains 

* in microsoftcom 

Default Domain Policy 
•V Remove Network Icon 
i- i) Domain Controllers 
I- rj sales 


Group Policy Management 


- ! o * 

l.-.K 


sal#* 


Lrked G"Oup Polcy Guccis Gio 4> p okry Irherflince CwjdLjn j 


1 


3P0 

g Remve Computer 


Erfoiced 

No 


Lh* E 

Yea 


GPO SU:m 
•no tied 


WW PUf 
None 


vfo <* he 

5 / 7/2013 


Create a GPO in mis domain, and Unkit here.. 


► jWMI 

Link an Existing GPO... 


l- 3 Start 

Block Inheritance 


r m Sites 

Group Policy Update... 


l- £ Group Poll 
•Jo., Group Poll 

Group Policy Modeling Wizard- 
New Organizational Unit 


View 

New Window from Here 

Delete 

Rename 

Refresh 

> 


Properties 


Help 


Create a GPO in mis domain and link rt to mis container 
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4. Enter name (Ex: Folder Redirection) and click OK. 



5. Right Click created GPO, select Edit. 


A 


Group Policy Management 

- a 

% File 

Action View Window Help 


1-1' 

<•* 

t ffj X .4 B tfl 




Ji Group Policy Management 


Folder Redirection 


a A Forest microsoftcom 


SOOP* Derals : -JelegalOT 

a Jk Domains 



Jnftn 


a fi mitrosolt.com 


L'tu Hu n th« ©caber 

|mCfOKlt!QOm *[ | 

>~J Default Domain Policy 


Tte it* dcntfw «rd 0 th a* Irked Lu tth QK) 

rj Remove Network Icon 


Location A 

Ertorceti UK Enetoied P«h 


t- aj Domain Controllers 



ajss.t 

No retoTOKlt com/wlM 


a Si sales 






folder Redirection 






► ti»- Group Policy Objects 

Edit- 



t is r WMI Filters 

Enforced 



t 2 Starter GPOs 

"v] Link Enabled 



c Hi Sites 

Save Report.. 



l> Si Group Policy Modeling 

View 


» 


fS& Group Policy Results 

New Window from Here 

<X»y to the fdotfns group* UM*. and compjien 


Delete 





Rename 





Refresh 





Help 








Md j [ Terre ve 



WMI Rltartng 





TtiiGPOh kKedloth^oloUns WMl'tar 




mone> 

*| ! <x* 

Open the GPO editor 


6. Expand User configuration -►Policies-^ Windows Settings-^ Folder Redirection Select 
Desktop Right click Desktop-^ Select Properties 



Group Policy Management Lditor 


i*wm 


File Action View Help 


a® E u □ a 


A Folder Redirection [SVS1 MICROSO 

Name 

a ifc* Computer Configuration 

-i AppDatai; Roaming) 

t- S3 Policies 

| 

1 ■ Preferences 

3 Start Menu 

a 4, User Configuration 

3 Documents 

a iS Policies 

J Pictures 

1- _ Software Settings 

a .1 Windows Settings 

3 Music 

__ Scripts (Logon/logoff) 

3j Videos 

i- a Security Settings 

JJ Favorites 

t _J Folder Redirection 

3 Contacts 

l- J| Policy-based QoS 

3 Downloads 

l> A Administrative Templates: 

J) Links 

f . Preferences 

1 Searches 

U Saved Games 
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7. Select Basic Redirection, select Create a folder for each user under the root path, click 
Browse-^ select the shared folder from Network, \\SYSl\Folder Redirection, click Apply and 
OK. 



Verification: 

1. Login as user (SI) in client system. 

2. Create a folder on desktop. Right Click on the folder properties and check the path, it should 
show Network path (\\SYSl\FolderRedirection\Sl\Desktop). 
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Lab - 38: Applying Auditing Policy 


Objective: 

To apply audit policies to generate events for logon etc 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Press Windows Key to go to Start, select Group Policy Management. 


Start 


Administrator £ 



W 

Server Manager 

WilKkMM 

PottcrShell 

Q 

m 

Computer 

Tadc Manager 

w 

£ 

Control Panel 

Internet Explorer 

Desktop 



ft 


Adri initiative 
Took 


♦ 

w 

Active Directory 
Jocrz ard „ 

Active D rectory 
Module for.. 

tf 

a 

Active Directory 
Sites and*. 

Active Drectory 

Domains and. 

1 

S 

Actoe Directory 
Administrative.. 

ADS1 Edit 

W 

* 

■ 

JHi 

Group Poi.y 
Management 

DNS 


2. Right click Domain Controllers Select Create a GPO... 


{ j/L 

Group Policy Management 

- °l x 1 

j£ File Action View Window Help 


-> 

** » rr| □ X @ □ t* 

i Group Policy Management 

Domain Controllers 


‘ Forest rntcrosoft.com 

Linked Group Policy Objects Group Policy Inheritance Delegation 



* j j microsoft.com 

. ' Default Domain Policy 
• - Domain Controllers 
i.’ Default Domati 
► a. Sales 

l> iQ Group Policy Objer 
L 4WMI Filters 
>■ 3 Starter GPOs 
li Srtes 

•»? Group Policy Modeling 
1 Group Policy Results 


Link fti dei 
1 


GPO 

. D Domain _ 


Enfoiced 

No 


Link Enabled 

Yes 


GPO Status 

Enabled 


Create a GPO in tfsis domain, and Unkit here.. 

link an Existing GPO- 

Block Inheritance 

Group Policy Update 

Group Policy Modeling Wizard . 

New Organizational Unit 
View 

New Window from Here 

Delete 

Refresh 

Properties 

Help 


Create a GPO in this domain and link it to this container 
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3. Enter name (Ex: Auditing User Account Management) and click OK. 


New GPO 

Name 

Auditing Usei Account Management 


Source Starter GPO 



OK 


Cancel 


4. Right Click created GPO, select Edit. 


J, 

Group Policy Management 

— 

<3<|x 

■ ii File Action View Window Help 





«•* 


x li « U 3 


Group Policy Management 
a Forest microsoftcom 
a £ Domains 

* & microsoftcom 

ri' Default Domain Policy 
* SI Domain Controllers 


,J Auditing User Account 
•i Default Domain Controllers 
i- H Sales 

k 'J: Group Policy Objects 
i* _» WVI Filters 
> 3 Starter GPOs 
k Sites 

•6’ Group Policy Modeling 
. Group Policy Results 


Domain Controllers 

Linked Group Policy Otnecw j Group Poky Inhentance [ Pali 


Manage ment 
liters Pol | Edit 


Link filial GPO enforced Link enabled 

1 rj Default Oom am Conlro liars Policy No Yes 

2 ei' Auditing Usei Account Management No Yes 


Edit. 

Enfotced 

| | Link Enabled 

Save Report. 

New Window from Here 

Delete 

Rename 

Refresh 

Help 


Open tne GPO editor 


5. Expand Computer configuration Policies - ^ Windows Settings -^Security Settings - ^ 

Advanced Audit Policy Configuration -^Audit Policies -^Account Management - ^ Right click 

Audit User Account Management Select Properties 


'3 

Group Policy Management Fditor 

| -\a x | 

tile Action View Help 



«■ a [in] l*| □ ra 




Subcategory 

Audit Events 

U? Audit Application Group Management 

Not Configured 

•" Audit Computer Account Management 

Not Configured 

Audit Distribution Group Management 

Not Configured 

U? Audit Other Account Management Events 

Not Configured 

Audit Security Group Management 

Not Configured 

Q Audit Usrr Account Management 

Not Configured 


k j Event Log 
k 4 Restricted Groups 
k 4 System Services 
F It Registry 
l> _a File System 

l- ar Wired Network (IEEE 802.3) Polices 
!■ J Windows Firewall with Advanced Security 
3 Network list Manager Policies 
k li Wireless Network (IEEE 802.1 1) Policies 
I- J Public Key Policies 
P 13 Software Restncbon Policies 
v J Network Access Protection 
k m! Application Control Policies 
k S IP Security Policies on Active Directory (MICROSOFT 
* J Advanced Audit Policy Configuration 
a 1 % Audit Policies 
k Account Logon 
k id Account Management 
k ji Detailed Tracking 
k ji DS Access 
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6. Check the box, Configure the following audit events and Select Success and Failure. 



Verification: 

1. Login as Administrator on D.C, go to Active Directory Users and Computers and delete a user 
(SI). 


Active Directory Users and Computers 


°l 


file Action View Help 

«•* mM •< o x 

2 Active Directory Users am 
t _ Saved Queries 
* & mierosoftcom 
i- ifl Builtin 
v ■ Computers 
I- m Domain Controllers 
r Cj ForeignSecuntyPrirx 
y C3 Managed Service A< 
a Sales 
i- lA Users 


ill 


I iS L#| 

Name'" 
is3 
is 2 

1ST 


B m * * a r 2k 

Type Description 

User 

User 

Copy... 

Add to a group... 

Disable Account 
Reset Password 
Move... 

Open Home Page 
Send Mail 
All Tasks 
Cut 

Delete 
Rename 

Properties 

Help 


Deletes the current selection 
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2. Go to Start, Type Event in Search Apps and select Event Viewer 


Apps 


Results for "event 


0 


Event Viewer 


Search 

Apps 

[jg] Apps 

Settings 
|» Files 


HZ 


e 


Internet Explorer 


Expand Windows Logs Security and select the Event Audit Success Properties 

-a x 


B 

File Action View Help 

•¥ a nj B |m| 

IS Event Viewer (Local) 

I- t Custom Views 
■* %. Windows logs 
0 Application 
jkl Security 
6 Setup 
W System 

(3 forwarded Events 
l> 3 1 Applications and Services Logs 
Q Subscnptions 


Event Viewer 


Security Number of events; 183,383 

Keywords 

Date and Time 

Source 

Event ID 

Audit Success 

8/1/2014 6 03:51 PM 

Microsoft.. 

4726 

Audit Success 

8/1/2014 6:03:47 PM 

Microsoft . 

4722 

4, Audit Success 

8/1/2014 603:47 PM 

Microsoft ... 

4738 

^ Audit Success 

8/1/2014 6:03:47 PM 

Microsoft ... 

4738 

Audit Success 

8/1/2014 603:47 PM 

Microsoft .. 

4738 

4. Audit Success 

8/1/2014 603:47 PM 

Microsoft .. 

4724 

Audit Success 

8/1/2014 6:03:47 PM 

Microsoft 

4720 

Audit Success 

8/1/2014 603:22 PM 

Microsoft ... 

4722 

4. Audit Success 

8/1/2014 6.03:22 PM 

Microsoft ... 

4738 


in 


Event 1726 V ccscn .V -ocwr secuot) ajd t ng 


General 

Details j 





A user account was deleted. 

A 

V 

log Name: 

Security 


Source: 


Microsoft Windows sei logged: 8/1/2014 63)3:51 PM 

Event ID: 

4726 

Task Category: User Account Manac 

Level: 


Information 

Keywords: Audit Success 

User 


N/A 

Computer syslmicrosoftcom 

Opcode: 

Info 


Mote Information: 

Event Loq Online 



Actions 


Security 

* 


Open S_ 


T 

Create _ 



Import ... 



Clear L.. 


r 

Filter C. 


0 

Propert. 


« 

find- 


u 

Save At 



Attach.. 



View 

► 

a 

Refresh 


□ 

Help 

► 

Event 47... 

•A. 

m 

Event P.„ 


3 

Attach .. 



Copy 

► 

u 

SaveS- 


rt 

Refresh 



Verify the event displaying user si deleted by Administrator. 


a 


Event Properties Event 4726, Microsoft Windows security auditing. 


■ 


General [Details 


Target Account: 

Security ID 


Account Na 


Account Domain: 


S-1-5-21-3747230667-3228975641-18003S4332-1 1 14 
MICROSOFT 


Log Name: Security 

Source Microsoft Windows set logged: 8/1/2014 6:03:51 PM 

Event ID: 4726 Task Category User Account Management 

Level: Information Keywords: Audit Success 

User N/A Computer: syslmicrosoftcom 

Opcode: Info 

More Information: Event Loo Onl ine 


4 

a 


Coay 


Close 
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Lab - 39: Configuring Preferences using Item-level targeting 


Objective: 

To configure group policy preferences 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server or Windows 7. 

Topology: 



MICROSOFT.COM 
SYS1 SYS2 

Domain Controller Member Server / Client 


IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Press Windows Key to go to Start, select Group Policy Management. 


Start 



T 

ft 

Server Manager 

WindiMS 

PoMcrShell 

Adrr iinivUatoe 

Took 

Q 

m 


Computer 

Tadc Manager 


w 

£ 


Control Panel 

Internet Explorer 


Desktop 

Sniiiwn ml 



Administrator ^ 



T 

Active Directory 
Users and - 

Active Directory 
Module for- 

tf 


Active Directory 
Sites ard- 

Active Directory 
[terrains and. 

1 

f 

Actoe Directory 
Administrative.. 

ADS1 Edit 

M 

* 

H 

Group Poi.y 
Management 

DNS 


2. Right click Sales ou-> Select Create a GPO... 


A 

Group Policy Management 

_ a 

1 * 


it. File Aaion View Window Help 


X 

4 »*| £[®1 Q| X 1 is □ 3 






a, Group Policy Management 
* A Forest microsoftcom 
a * Domains 

a is microsoftcom 

•j‘ Default Domain Policy 
n Remove Access to Control Panel 
t 83 Domain Controllers 

a (at Sales 

Create a GPO in this domain and Link it here.. 
Link an Existing GPO.. 

Block Inheritance 
Group Policy Update... 

Group Policy Modeling Wizard.. 

New Organizational Unit 
View 

New Window from Here 
Delete 
Rename 
Refresh 
Properties 
Help 


< [ III > 

Create a GPO in this domain and link it to this container 


a R< 
t- „"■} Grou 
c *WMI 
t- 13 Start< 
u la Sites 
fff Group Polic 
Group Polic 


Sales 


i nked Group Policy OtverR Group Policy Inhantanc® Delegation 


LinkClrder GPO Enforced Link Enabled GPO Status WMIF 

V. Remove Comp.. No Yes Enabled None 
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3. Enter name (Ex: Preferences Map Network Drive) and click OK. 


New GPO 


x 


Name 

Preferences Map Nefovoik Drive! 


Source Starter GPO 

(none) 



Cancel 


Right Click created GPO, select Edit. 


Group Policy Management 


-l°l 


file Action View Window Help 

a[ir] Xi Bus 


at Group Policy Management 
•* A Forest: microsoft.com 
* Domains 

* fi microsofuom 

. Default Domain Policy 
. Remove Access to Control Panel 
i il Domain Controllers 
4 ai Sales 


. Preferences Map Network Drive 
a! Remove Computer Icon 
t 1 Group Policy Objects 

i T WMI Filters 

[» 3 Starter GPOs 
t> 4 b Sites 

jl? Group Policy Modeling 
Bi, Group Policy Results 


Preferences Map Network Drive 

Scope Derate | SeSings | Deleg a lion | 

Links 

Duplay links in ihis location- 
T ha following s les. domains, and O Js are ImKedto tin GPO: 


micros ofl com 


Location 

a^Sales 


Enforced 

No 


Link Enabled 
Yes 


Path 

micros oft com/S«les 


Edit.. 


Enforced 
Link Enabled 
Save Report- 
View 

New Window from Here 

Delete 

Rename 

Refresh 

Help 


pply to the following groups, users, and computers- 



Add 

Remove 


Piopeities 




W Ml I ihenng 

This GPO is inked to the following WMI filter 


Open 


Open the GPO editor 


Expand User configuration -^Preferences-^ Windows Settings Right click Drive Maps-^ 
Select New Mapped Drive 


Group Policy Management Editor 


I — 


File Action View Help 

+ +\ al®] 4D 

=j Preferences Map Network Drive 
■* A- Computer Configuration 
k «j Poliaes 
i i Preferences 
■* A User Configuration 
fc 2j Policies 
4 it Preferences 

4 j . Windows Settings 
V; Applications 
|af Drive Maps 
1H Environme 
Iff Files 
SJ Folders 
9 Ini Files 
& Registry 
Ifi Shortcuts 
i Control Panel 




Order Action Path Reconnect 

There are no items to show in this view. 


New 

* 

All Tasks 

» 

View 

fr 

Copy 


Print 


Refresh 


Export List.. 


Help 


Mapped Drive 
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6. In Action select Create, Enter Location: (\\sysl\userdata), select Drive Letter X:-^OK 



7. Select Common tab and check box Item-level targeting, click Targeting... 


New Drive Properties 

General Common 

OpOons common to all tome 

stop processing items i n this extension tan error occurs 
3 b» in logged-on user's security context (user policy option) 
PI Remove this Item when It is no longer applied 

Apply once and do not reapply 

lemjexel torgeOng Targeting... 

Description 



OK Cancel Apply Help 
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8. Select New Item select Operating System 


Me Action View Help 

a |rr| □ • n . *• D 

jl Prefer ences Map Ne 
• A Computer Configi 
V M Polices 
i I Preterencei 
‘ A UserConfiguratio 


■ PolKies 
- Preterencei 
■< j Windows Si 
til Applicol 

si Drive Mi 

33 Irwronrt 
Files 

Zf Folders 
3 Ini Filet 
I «T Registry 
a Slrortcut! 
i la Control Pen 


New Item 


□ 

■i 

is 

9 


9 


* 

«] 

0 

a 

■o 

J pc 

DrveMtp* 31 


Group Policy Management ( drtor 


O x 


Battery Present 
Computer Name 
CPU Speed 
Date Match 
Disk Space 
Domain 

Environment Variable 
File Match 
IP Address Range 
language 
LDAP Query 
MAC Address Range 
MSI Query 
Network Connection 
Operating System 
Organizational Unit 
PCMCIA Present 
Portable Computer 
Processing Mode 
RAM 

Registry Match 
Security Group 
Site 

Terminal Session 
Time Range 
User 

WMI Query 



9. Select Product: WindowsServer2012Family, Edition: Standard, Computer Role: Member 
Server, click OK. 



Verification: 


1. Login as user (SI) to Member Server. 
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Lab - 40: Creating Forest Trust 


Objective: 

To create trust between two domains so that users from one domain can be authenticated from 
another 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running Windows Server 2012Domain Controller for MICROSOFT.COM. 

• A computer running Windows Server 2012 Domain Controller for IBM.COM. 

Topology: 



MICROSOFT.COM 


IBM.COM 


SYS1 


SYS2 


Domain Controller-MICROSOFT.COM 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 

Alternate DNS 10.0.0.2 


Domain Controller-IBM.COM 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.2 

Alternate DNS 10.0.0.1 
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Steps: 

1. Go to Active Directory Domains and Trusts, 


Start 



Administrator ^ 

& 

" ft 

1 ♦ 

V 



Windows AUm initiative Active Directory 

Active Directory 


Server Manager 

PowcrShell Took 

ikers and.- 

Module for- 



m 

if 

a 




Active Directory 

Act** D rectory 


Computer 

Manager 

Sites arc- 

Domains and- 


P 

£ 


9 




Active Directory 



Control Panel 

Interne: Explorer 

Administrative- 

ADSI Edit 




m 

* 




w 

M 

■Hi 




Group Pokey 



Desktop 

|wa a ■ — 

Management 

DNS 



2. Right click the Domain name and select Properties. 


H Active Directory Domains and Trusts — I o 1 

File Action View Help 

a Is) Bii Dl 
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3. Verify Domain and Forest functional level to be Windows Server 2012. 


microsoft.com Properties 


General j Trusts [ Managed By 
f 1 *!* Microsoft com 


Domain name (pre-Windows 2000): 


MICROSOFT 


Description: 


Domain functional level : 
Windows Server 2012 


forest functional level: 
Windows Server 2012 


OK 


Cancel 


Apply 


Help 


4. Select T rusts tab. Click New T rust. 


microsoft.com Properties 


General 


i Trusts | 


Managed By 


Domains trusted by this domain (outgoing trusts): 


Domain Name 


Trust Type Transitive 


Domains that trust this domain (incoming trusts): 


Domain Name 


Trust Type Transitive 


New Trust... 


OK 


Cancel 


Apply 


Properties 


Remove 


Properties 


Remove 


Help 
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5. On Welcome wizard, click Next. 


New Trust Wizard 



Welcome to the New T rust 

Wizard 


This wizard helps you create a trust between this domain 
and any of the following : 


■ A Windows domain in this forest or in another forest . 


■ A Windows NT 4 0 domain 


■ A Kerberos V5 realm trust. 


■ Arotherforest 


A trust is a relationship that enables users in one domain, 
forest, or realm to be authenticated in a specified domain, 
forest, or realm 

To continue, click Next. 


< Back 

Next ? 


Cancel 


6. In Trust Name, enter name of other Forest IBM.COM and click Next. 


New Trust Wizard 


Trust Name 

You can create a trust by using a NetBIOS or DNS name 


Type the name of the domain, forest, or realm forthis trust. If you type the name of a forest, you 
must type a DNS name 



Example NetBIOS name supplierOI-irrt 

Example DNS name: supplierQI-intemal.microsoft.com 

Name 

ibm.com 


< Back 

; Next > 


Cancel 
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7. Select Forest trust and click Next 


New Trust Wizard 



Trust Type 

This domain is a forest root domain, tf the specified domain qualifies, you can 
create a forest trust. 



Select the type of trust you want to create 
O External trust 

An external trust is a nontransitive trust between a domain and another domain 
outside the forest . A nontransrti ve trust is bounded by the domains in the relationship . 

•?. To rest trust”’ 

|A forest trust is a transitive trust between two forests that allows users in any of the j 
domain s in. one forest tq.be. authentic ated jn any, of . the dojroins_ln^ejMher to nest . j 


< Back 

Next > 


Cancel 


8. Select Two-way and click Next. 


New Trust Wizard 



Direction of Trust 

You can create one-way or two-way trusts, 



Select the direction for this trust . 

< • ) [Two-way 1 

lUsers in this domain can be authenticated in the specified domain, realm, or 
forest, and users in the specified doman. realm, orforest can be authenticated in j 
Ns. dqmon._... j 

C One-way: incoming 

Users in this domain can be authenticated in the specified domain, realm, orforest. 
O One-way: outgoing 

Users in the specified domain, realm, orforest can be authenticated in this domain 


< Back 

Next > 


Cancel 


MCSE Lab Manual 


Page | 225 


www.zoomgroup.com 






9. Select Both this domain and the specified domain and click Next. 


New Trust Wizard 



Sides of Trust 

tf you have appropriate permissions in both domains, you can create both sides of 
the trust relationship. 



To begin using a trust, both sides of the trust relationship must be created For example, 
if you create a one-way incoming trust in the local domain, a oneway outgoing trust 
must also be created in the specified domain before authentication traffic will begin 
flowing across the trust 


Create the trust for the following: 

O Ibis domain only 

This option creates the trnst relationship in the local domain. 


® jBoth this domain and the specified domain 

jThis option creates trust relationships in both the local and the specified domams. 
jYou must have trust creation privileges in the specified domain 


< Back 

Next > 


Cancel 


10 . 


Enter Administrator and Password of Specified domain:IBM.COM and click Next 


New Trust Wizard 


User Name and Password 

To create this trust relationship, you must have administrative privileges for the 
specified domain. 



Specified domain: ibm.com 

Type the user name and password of an account that has administrative privileges in 
the specified domain. 

LJser name: 

Password: 



< Back 


Next > 


Cancel 
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11. Select Forest-wide authentication for Local Forest and click Next. 


New Trust Wizard 



Outgoing Trust Authentication Level— Local Forest 

Users in the specified forest can be authenticated to use all of the resources in the 
local forest or only those resources that you specify 



Select the scope of authentication for users from the ibm com forest 


'• [Forest -wide authentication 

Windows will automatically authenticate users from the specified forest for all resources ini 
the local forest. This option is preferred when both forests belong to the same 
brgarizatioru 


O Selective authentication 

Windows will not automatically authenticate users from the specified forest for any 
resources in the local forest. After you finish this wizard, grant individual access to each 
domain and server that you want to make available to users in the specified forest . This 
option is preferred if the forests belong to different organizations. 


< Back 

Next > 


Cancel 


12. Select Forest-wide authentication for Specified Forest and click Next. 



New Trust Wizard 

Outgoing Trust Authentication Level -Specified Forest 

Users in the local forest can be authenticated to use all of the resources in the 
specified forest or only those resources that you specify 

Select the scope of authentication for users from the local forest. 


'• Forest -wide authentication 

Windows will automatically authenticate users from the local forest for all resources in the 
ibm.com forest. This option is preferred when both forests belong to the same 
organization 

O Selective authentication 

Windows will not automatically authenticate users from the local forest for any resources 
in the ibm.com forest. After you finish this wizard, grant individual access to each domain 
and server that you want to make available to users from the local forest This option is 
prefenred if the forests belong to different organizations. 
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13. Verify the Trust Selections and click Next. 


New Trust Wizard 



Trust Selections Complete 

The New Trust Wizard is read)' to create the trust. 



You have selected the following trust settings: 


[This domain: micrasoft.com 

A 

Specified domain: IBM.COM 


Direction. 

= 

Two-way: Users in the local domain can authenticate in the specified domain and 


users in the specified domain can authenticate in the local domain. 


Trust type Forest trust 

V 


To make changes to this trust, dick Back. To create the trust, dick Next. 


< Back 

Next > 


Cancel 


14. Verify the Summary and click Next. 


New Trust Wizard 



Trust Creation Complete 

The trust relationship was successfully created. 


Status of dianges: 

[Trust relationship created successfully. 

Specified domain: ibm com 

Direction: 

Two-way: Users in the local domain can authenticate in the specified domain and 
users in the specified domain can authenticate in the local domain . 

Trust type Forest trust 

Outgoing trust authentication level: Forest-wide authentication in local and 
specified forests. 


To configure the new trust, click Next 


< Back 

Next > 


Cancel 
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15. Select Yes, confirm the outgoing trust and click Next. 


New Trust Wizard 



Confirm Outgoing Trust 

You should confirm this trust only if the other side of the trust has been created 



Do you want to confirm the outgoing trust? 
O No. do not confirm the outgoing trust 
Yes. confirm the outgoing trust; 

aWTTNea. ■ • iaai ■ »aa« • iaaai • taai • taai i • taat • .aa* • (flai • *aa> .TWa. i • iaa« i laa* 


To confirm the trust now. click Next. 


< Back 

Next > 


Cancel 


16. Select Yes, confirm the incoming trust and click Next. 


New Trust Wizard 


Confirm Incoming Trust 

You should confirm this trust only if the other side of the trust has been created. 



Do you want to confirm the incoming trust 7 
C No, do not confirm the incoming trust 
iYes confirm trie incoming trust; 


To confirm the trust now. click Next. 


< Back 

Next > 


Cancel 
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17. Click Finish. 


New Trust Wizard 



Completing the New Trust 
Wizard 

You have successfully completed the New Trust Wizard. 


Status of changes. 

The trust relationship was successfully created and ^ 
confirmed. 

Route these names to the specified forest: 

"‘.ibm com 

Route these names to the local forest: 

■*.microsoift com 

v 


To close this wizard, dick Finish. 


< Back 

Finish 


Cancel 


18. Check Outgoing and Incoming Trusts and click OK. 


microsoft.com Properties 


General 


Trusts 


Managed By 


Domains trusted by this domain (outgoing trusts): 


Domain Name 


Tiust Type Transitive 


ibm com 

Forest Yes 

Domains that trust this domain (incoming trusts}: 

Domain Name 

Trust Type Transitive 

ibm com 

Forest Yes 


Properties 


Remove 


Properties 


Remove 


New Trust. 


1 
i 


OK 


Cancel 


Apply 


Heip 
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Verification: 


1. Try to Logon on to MICROSOFT.COM domain computers or IBM.COM domain computers as 
other Domain Users. 

Note : By default Users cannot log on to D.C. 

2. Log in as MICROSOFT Administrator to MICROSOFT.COM D.C and allow IBM users to log on to 
D.C using Domain Controller Security Policy in Group Policy Management. (Allow Logon 
Locally Policy) 

3. Similarly allow MICROSOFT.COM users to log on to IBM.COM D.C using Domain Controller 
Security Policy of IBM.COM D.C. 



0 
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Lab - 41: Active Directory Recycle Bin 


Objective: 

To enable active directory recycle bin for restoring deleted objects in AD 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running Windows Server 2012 Domain Controller. 

Topology: 



MICROSOFT.COM 

SYS1 

Domain Controller-MICROSOFT.COM 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 


1. 

2. 


3. 


Log in as Administrator to the Domain Controller (SYS1). 
Go to Start, select Active Directory Administrative Center. 


Start 




administrator 

•I 

r 

Q 

a 



TT 

* 


PowerShel 

Corrput er 

Administrate 

Tools 


Active Directory 
Users and - 

Active D rectory 
Module for- 

Fde Server 

Resource- 

DHCP 

* 

m 


if 

iSJ 



Ta± Manager 

Control Panel 


Active Directory 

Sites and- 

Active Directory 
Domains and- 

internet 

Information.. 

Cert fi cation 
Authority 




... pmj 1 



& 

Internet E>$4orer 



4 

Active Directory 
Administrative. 

ADSI Edit 



PRIVATE 


ft 

jL 



10.0.0.2 

Desktop 


Group Pokey 
Management 

DNS 




In Active Directory Administrative Center, select Microsoft (Local), Click Raise Domain 
Functional Level, select Windows Server 2012. 


4. Click Raise Forest Functional Level, select Windows Server 2012 and refresh. 

5. Click Enable Recycle Bin 



Active Direaory Administrative Center 

=1*J x 


’ Active Directory Administrative Center ► microsoft (local) ► 

* (?) | Manage Help 


Active Directory... < 


I Overview 


I microsoft (local) 


■ Dynamic Access Con... ► 
P Global Search 


microsoft (local) (12) 



Tasks 

ta 


filter 

P (g 

- (S) - ® 





Builtin 

A 

Name 

Type 

Description 

New 

» 

1 f 1 Button 

burton [fom— 


Delete 


!■ Computers 

iS Domain Controllers 
to FofcagnSecuntyPrmcipak 

Cortteiner 

Organizati.. 

Container 

Default container lor upgr— 

Default cent* ner for dom- 

Defautt cent* net lor secur_ 

Search under this node 

Properties 


1 Infrastructure 

mfraUructu... 


microsoft (local) 

A 

to lostAndfound 

kwtAndfou... 

Default container for o'p*- 

Change domain control 1... 


to Managed Service Accounts 

Container 

Defautt container for man. 

Raise the forest function... 


to NTDS Quotas 

to Program Data 
to System 

msDS Qua. 

Container 

Quota speofi canons conta- 

Defautt location for rtorag 

Sultin system settings 

Raise the domain functi ... 


Container 

Enable Recycle Bin _. j 

to TPM Dews 

msTPM-Inf.. 


New 

► 

to Users 

Container 

Default container for upgr_ 

Search under this node 


Builtin 


V 

Properties 


Object class: builtin Domain 

Modified: 5/10/2013 5:11 PM 



Description: 

1 '1' 






Summary 


WINDOWS POWERSHELL HISTORY 
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6. Click OK to confirm the Enable Recycle Bin feature. 


Enable Recycle Bin Confirmation 



Are you sure you want to perform this action? Once Recycle Bin 
has been enabled, it cannot be disabled. 


OK 


Cancel 

rr 


7. Click OK, and Refresh Active Directory Administrative Center now. 


Active Directory Administrative Center 


j Please refresh AD Administrative Center now, 

AD DS has begun enabling Recycle Bin for this forest The Recycle 
Bin will not function reliably until all domain controllers in the 
forest have replicated the Recycle Bin configuration change. 


f 

i 


s 

■ S . yy i ’ -' VTy r— , ; 


OK 


8. Go to Start, select Active Directory Users and Computers. 


Start 




administrator 

•I 



ft 




* 


*r 

a 

till 1 ” 1 






Window* 

PowerShel 

Corrputer 

Administrative 

Took 


Active Directory 
Users and « 

ActK« D rectory 
Module for,. 

Fde Server 

Resource.- 

DHCP 


m 



41 

% 

F* 

Ta-Jc Manager 

Control Panel 


Active Directory 

Sites arc.- 

Active Deectory 
Domains aro_ 

internet 

information.- 

Cert fi cation 
Authority 

£ 



1 

V 



Internet Exptorcr 



Active Directory 
Administrative. 

ADSI Edit 



PRIVATE 



i 



10.0.0.2 

Desktop 


Group Pokey 
Management 

DNS 
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9. Right click User (Userl) and select Delete, click Yes to confirm the deletion. 



Active Directory Users and Computers 

- P • X 

File Action View Help 

** staJ Jt □ KEIgi Q ' 




3 Active Directory Usees an< 
t d Saved Queries 
-* A microsoft.com 
(- S Builtin 
5 i. Computers 
► A Domain Controllers 
t 1 Foreign SecurityPrinr 
t 3 Managed Service Ai 
£ Users 


: L 


Name 
& UserS 
i User* 
& User3 
l User2 


Type 

User 

User 

User 

User 


Description 


It Schema 
It Read -or 
H.RAS anc 
.*. Guest 

It Group t> 
**, Fnterpri 

Copy- 

Add to a group.. 

Disable Account 

Reset Password... 

Move- 

Open Home Page 

Send Mail 

ad mini- 

this gr_ 
is grou. 

)unt for... 

this gr,. 
this gr.. 

•. tnterpr 

All Tasks * 

ad mini- 

it Domain 

Cut 

users 

itDomain 

Delete 

guests 

it Domain 

Rename 

contrail.. 

it Domain 

Properties 

ions an. 

it Domain 

Help 

admmi- 


M. DnsUpdat- Security Gr- 
S^DnsAdmins Security Gr. 
HL Denied R_. Security Gr_. 
iLCIoneable... Security Gr.. 
•LCert Publi.. Security Gr. 
il Allowed .. Security Gr.. 
& Administr... User 


DNS clients who ar.. 
DNS Administrator. 
Members in thts gr... 
Members o( this gr.. 
Members of this gr_. 
Members in thts gr... 
Built-in account for... 


Deletes the current selection. 


10. Go to Active Directory Administrative Center, select Microsoft (local), Deleted Objects 


Container 





Active Directory Administrative Center 

- J - 1 


’ Active Directory Administrative Center * microsoft (local) ► 

♦ (5) 1 Manage Help 

J Active Directory... < 

microsoft (local) (13) 


Tasks 

U £ 


Fitter 

P (ffl) ^ ^ v. 

a 

■ Overview 



Deleted Objects * 

fQl microsoft (local) 

Name 

Type Description 

New 

■ Dynamic Access Con... ► 

to Buftm 

builtJnDom... 

** 

Delete 

D Glnhal ^PJirrh 

to Computers 

Container Default cont*ner tor upgr... 


Search under this node 



r 1 Deleted Objects 

Container Default container for dclct-. 




tf Domain Controllers 

Otpnuati.. Default container far dom.„ 


Properties 



H ^cxeignS^cuiityflrKKipate 

Container Default contar net for secur-. 


microsoft (local) A 



| nfr«5tructurc 

infrastructu... 

z 

Change domain controll... 



Ml Los tAnd Found 

toitAndf ou ... Default cent* ner for o rpn . 


Raise the forest function... 



!■ Managed Service Accounts 

Container Default ccntaner form an.. 








Raise the domain functi... 



NTDS Quotas 

mcDS-Quo.. Quota specifications conta. 





to Program Data 

Container Default location for storag. 


Enable Recycle Bin 



to System 

Container Boltin system settings 


New > 



to TPM Devcn 

mi TPM* Inf- 








Search under this node 



to Jsers 

Container Default ccntaoer for upqr... 

v 




Dented Objects 


V 

Properties 



Object class: Container 

Modified: 5/10/2013 5:11 PM 




Description: Default container for deleted objects 




5ummary 
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11 . 


Select the User account (Userl) to be restored, right click and select Restore. 



0: Active Directory... < Dieted Objects (1) Tasks 


Fillet 


I Overview 


11 1 miuosoft (local) 


Deleted Objects 

■ Dynamic Access Con... » 
P Global Search 


p {■)»•<■)* 

Dieted Last IcnoMrn pa . Type 


Restore 
Restore To.., 


Locate Parent 
Properties 


Dftwphan 


ta 

Userl 
Restore 
Restore To-. 

Locate Parent 
Properties 
Deleted Objects 
New 
Delete 

Search under thts node 
Properties 


< 1 


■ 


> 

Userl 




V 

User logon: 

Userl 

Expiration: 

<Never> 


E-mail: 


Last log on: 

5/11/2013 8:53 PM 


Modified: 

5/14/2013 628 PM 




Description: 






Summary 


WINDOWS POWERSHEU HISTORY 


Verification: 


1. Go to Start, Select Active Directory Users and Computers, and verify for the restored user 
account. 


Active Directory Users and Computers 


I 1 


File Action View Help 

<h* a[®l x o x® g M Q m nsTi \ 


J Active Directory Users are 

Name’ Type 

Description 

t 1 Saved Queries 

l User5 User 


Si microsoit.com 

5 , User4 User 


v 18 Builtin 

.!. User3 User 


P 9 Computers 

■i User2 User 


P aj Domain Controllers 




P ill ForeignSecurftyPrire 



p iM Managed Service A. 

■l Schema A_ Security Gr- 

Designated ad mini.. 

9 Users 

ftRead onl SecurityGr. 

Members of thisgr. 


4*. RAS and 1... Security Gr_. 

Servers in this grou... 


I* Guest User 

Built-in account for.. 


ft Group Pol. Security G r„ . 

Members in this gr.. 


ft Enterprise- Security Gr.. 

Members of this gr.. 


ftEnterprise. SecurityGr. 

Designated admini. 


ft Domain U._ SecurityGr.. 

All domain users 


ft Domain G.. SecurityGr.. 

All domain guests 


ftDomainC. SecurityGr.. 

All domain controll... 


ft Domain C_ SecurityGr.. 

All workstations an... 


ft Domain A. Security Gr.. 

Designated admini. 


ftDnsUpdat. SecurityGr. 

DNS clients who a r.. 


ftDnsAdmins Security Gr- 

DNS Administrator- 


ft Denied R. SecurityGr. 

Members in this gr.. 


ftCloneable.. SecurityGr.. 

Members of this gr.. 


ftCertPubli.. SecurityGr.. 

Members of this gr_. 


ft Allowed ... SecurityGr.. 

Members in this gr.. 


•i Admmistr... User 

Buiii-m account for- 

<L '• 



1 III 
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Lab - 42: Verifying Global Catalog Server 


Objective: 

To verify global catalog server 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

Topology: 


MICROSOFT.COM 

SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Go to Active Directory Sites and Services. 



Start 


Administrator A 


L 

w 

Server Manager 

Windows 

PowtfShell 

Q 


Computer 

Tadc Manager 

W 

£ 

Centre! Panel 

Interne: Explorer 

Desktop 



Administrative 

Tools 


Active Directory 
Jeers and .. 

w 

ActMv Directory 
Module for.. 

(f 

Active Directory 
Sites and.. 

£ 

Active Daectory 
domains and- 

Active Directory 
Administrative-. 

9 

ADSI Edit 


W 

jfc 

Group Pokey 


Management 

DNS 


2. Expand the Sites “^Default-First-Site-Name-^Servers-^Server Names -^NTDS Settings. 

3. Right click NTDS Setting and Properties, If the checkbox Global Catalog is checked, then it is a 

Global Catalog Server. 


General 


NTDS Settings Properties 

Cotmectiona | Object | Security | Attribute Editor 




NTDS Settings 


Description: 

Query Policy: 

DNS Alias: 

0 Global Catalog 


The amount of time it will take to publish the Global Catalog vanes 
depending on your replication topology. 


481 3C8A0-DCB 1 -4429-AC E4-677BA&D 98 7SE msdcs n 


OK 


Cancel 


AppV 


Help 
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Lab - 43: Creating Active Directory Sites 


Objective: 

To create active directory sites to manage servers in branches 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

Topology: 


MICROSOFT.COM 

SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Logon to D.C as Administrator, go to Start, Active Directory Sites and Services. 


2. 


Start 


Administrator ^ 

L ■ ft 

Window* Administrative 

Server Manager PowcrShcll Took 

T 

Active Directory Active Directory 

Users and .. Module for.. 

O <9 

Computer Ta:i Manager 

iif J9 

Active Directory Ait** Directory 

Sites ara.M Domains arc- 

w 0 

Control Panel internet Explorer 

i n 

Active Directory 

AdministraCve- ADSI Edit 

Desktop 


jIl 

Group Pokey 

Management DNS 


Right click Sites-^ New Site. 

WIT 

Active Directory Sites and Services 

File Action View Help 

affl xjaj u beI 2 

Kid Active Directory Sites and Sen 

Name Location 

Type Description 

i Sites 

—iSnhnets 

Subnets Co... 


Delegate Control... 

New Site.. 


Find.. 


New ► 

All Tastes ► 


View ► 


Refresh 

Export List.. 


Properties 

Help 


It-FL 


Inter Site Tr.. 
Site 
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3. Enter the site name (INDIA) and select DEFAULTIPSITELINK and click OK. 


New Object - Site 


I 


Create in : microscft .c om .■'Co nfig li ration /Sites 


Name 


INDIA 


Select a ate link ob|ect for this site. Site link objects are located in the 
Sites/Inter-Site Transports container 


Link Name 


Transport 


1! 


DEFAULTIPSITELINK 


OK 


Cancel 


4. Site INDIA will be created, click OK. 


Active Directory Domain Services 



a Site INDIA has been created. To finish configuration of INDIA: 

Ensure that INDIA is linked to other sites with site links as 
appropriate. 

Add subnets for INDIA to the Subnets container. 


Install one or more Domain Controllers in INDIA, or move existing 
DCs into the site. 


You will not see this message again until the next time you start 
Active Directory Sites and Services. 


OK 

: 


Help 


5. Similarly create another site (USA) 
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6. Expand Default-First-Site-Name-> Expand Servers-^ Right click Server (SYSl)->Move 


Be 

Active Directory Sites and Services 

-JM x | 

file Action View Help 

«>4| all * x B 




Active Directory Sites and Serv 
a j Sites 


Name 

|if NIOSSet.. 


Type Description 

Domain Co.. 


► l£ Subnets 

► l_ Inter Site Transports 

t & Default-First-Site-Name 
* IB Servers 
t- 1 M SYS1 

» £ USA Find 

► fl INDIA Move.. 


New 

» 

All Tasks 

» 

View 

► 

Cut 


Delete 


Rename 


Refresh 


Export List.. 


Properties 

Help 


7. Select the Site (INDIA) and click OK. 



8. Server is now moved under INDIA site. 
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Lab - 44: Creating Active Directory Site-Links 


Objective: 

To create site links to configure replication between servers in different sites 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

Topology: 


MICROSOFT.COM 

SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 
1. 

2 . 


Log on to D.C as Administrator 

Go to Active Directory Sites and Services Expand Sites Expand Inter-Site Transports 
Right click IP Select New Site Link. 


File Action View Help 

m\M xa && QgTi 


Active Directory Sites and Services 


I — 


Active Directory Sites and Sen 
U3 Sites 

i i« Subnets 

•* ‘ Inter Site Transports 

■ >1 

Name 

?? DEFAULT!... 

F 2 SF 

New Site link. 

f iS Deta 

New Site Link Bndge.. 

v £ USA 

Find... 


► 5 INDi 

New 

» 


All Tasks 



View 

P 


Refresh 



Export List... 



Properties 



Help 



type 


Description 


Cost 

100 


Replication Interval 
180 


Create a new object. 


3. Enter the name (INDIA-USA Link), select INDIA and USA sites and click Add-> click OK. 


New Object - Site Link 

Create in; microsoft.com/Configuration/Sites/lriter-Site 



Name 


USA-INDIA 


Sites not in this site link. 


Sites in this site link; 


Default-First-Srte -Name 



< 

III 


> 


Add >> 


Remove 


A site link must contain at least two sites. 


OK 


Cancel 
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4. Right click INDIA-USA Link, select Properties. 


5. 


B- 


Active Diiectory Sites and Services 


File Action View Help 

+ 4| Xlik*| Dal 3 


Etc Active Directory Sites and Sen 

Name Type 

* i3 Sites 

HDEFAULTI.. Site Link 

t> 9 Subnets 

EuSA- INDIA Site Link 

* _! Inter-Site Transports 


l3 IP 


> a SMTP 


t> IS Default-First-Site-Name 


t> S USA 


t> B INDIA 



Click Change Schedule. 


Description Cost Replication Interval 

IOC 180 


100 180 


Delete 

Rename 


Properties 



Help 



6. Select the Interval of Time for Replication Available, click OK-^OK. 
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Lab - 45: Installing Read Only Domain Controller 


Objective: 


To install read only domain controller in branch offices 


Pre-requisites: 


Before working on this lab, you must have 


A computer running windows 2012 server Domain Controller. 


A computer running windows 2012 server. 


Topology: 



SYS1 



SYS2 


MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 


Read Only Domain controller 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.2 

Alternate DNS 


Alternate DNS 

10.0.0.1 
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Creating a Pre-Create Read Only Domain Controller Account 


1. Log in as Administrator to the Domain Controller (SYS1). 

2. Verify Domain and Forest Functional Levels to Windows Server 2008 or later. 

3. Go to Active Directory Users and Computers. 


Start 




Administrator ^ 


T 



m 

Server Manager 

Wndews 

PowrrShHI 

Administrative 

Toole 

Artrve Directory 
LHrrs and... 

Active D'rectory 

Module for .. 

Q 

m 


tlF 

M 

Coirpvtrr 

Ta 4 Manager 


Active Dfrrctoty 
Sites and,.. 

Active DVcetory 

Domairw and... 

W 

£ 


■ 

e r 

Control P*tH 

Ir.ttwf Explorer 


Active Directory 

Ad nunwtr alive- 

ADSI Edit 




ft 

t 

Desktop 



Group Pokey 
Ma'iagement 

DNS 


4. Create Users (Ex: Userl, User2, User3, User4, User5). 


5. Right click Domain Controllers, Select Pre-create Read-only Domain Controller account. 


“TJl 

Active Directory Users and Computers 

File Action View Help 

*4| 4f D| K □ a la 



□ Active Directory Users ant 
t 3 Saved Queries 
* S3 microsoftcom 
t - Builtin 
12 Computers 


X3 Domain Contra 11 ®" - 
i> lJ ForeignSecurity 
i> _3 Managed Servii 
£3 Users 
sj US Users 


Name 

»-SYS1 


Type 

Computer 


DC Type 
GC 


Site 

INDIA 


Descnption 


Delegate Control.. 


Pre-creat e Read-onl y Domain Controller a ccoun t... 


Find . 

New 

All Tasks 

View 

Refresh 

Export List- 

Properties 

Help 
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6. In Welcome Screen, click Next. 


a 


Active Directory Domain Services Installation Wizard 

Welcome to the Active Directory 
Domain Services Installation 
Wizard 


This wizard helps you create an account for a read-only 
domain controller (RODC). You will be able to attach the 
server that you want to be the RODC to this account by 
running this wizard on that server, 


Ise advanced mode installation; 


Learn more about the additional options that are 
available in advanced mode installation . 


More about staged installation of RODCs 
More about Active Director,' Domain Services 


«: Back 

Next > 


Cancel 


7. Select My current logged on credentials (MICROSOFT\Administrator) and click Next. 


d Active Directory Domain Services Installation Wizard 

Network Credentials 

Specify the name of the forest where the installation ’will occur and account 
credentials that have sufficient privileges to perform the installation . 



Type the name ot any domain in the forest where you plan lo install this domain 
controller. 

microsoft.com 


Specify the account credentials to use to perform the installation 
(• Mygument logged on credentials (MICROSOFT -administrator) 


O Alternate credentials: 

Set 


More about who can install Active Directory Domain Services 


<: Back 

Next > 


Cancel 
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8. Enter the Computer Name(SYS2) of Read Only Domain Controller. 


Q Active Directory Domain Services Installation Wizard 

Specify the Computer Name 


Specify the name of the computer that will be the read-only domain controller 
(RQDC) This account will be created in Active Directory Domain Services 

Before the server can be attached to the account that you are creating 
• and become an RODC, it must be named with the name that you 

specify here The server must not be joined to the domain before you 
install Active Directory Domain Services on it. 


Computer name 


X 


sys2 


Full DNS computer name 


sys2.microsoft.com 


< Back 


Next > 


Cancel 


9. Select the Site (USA) for the Read-only Domain Controllers and click Next. 


S] Active Directory Domain Services Installation Wizard 

X 

Select a Site 

Select a site forthe new domain controller. 

m 
ri . 



Sites: 


Site 

Descnption 


Def auk -First -Sit e -N a me 



INDIA 



|USA 





< Back 


Next > 


Cancel 
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10. Verify the DNS, Global Catalog and Read-only Domain Controller (RODC) checkboxes and click 
Next. 


a 


Active Directory Domain Services Installation Wizard 


Additional Domain Controller Options 



Select additional options for this domain controller. 
|Vl DNS server 
@ Global catalog 

[✓ Read-only domain controler (RODC) 

Additional information; 



< Back 

Next > 


Cancel 


11. Click Set. 
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12. Enter the User name (Userl) and click OK and click Next. 


g 

Select this object type 


Select User or Group 


User. Group . or Built-in security principal 

Object Types... 

From this location: 

rmcrosoft.com 

Locations ... 


Errterthe object name to select (examples) : 


u ser 1 lu ser 1 ftj oosoft .com) 


Check Names 


Advanced... 


OK 


Cancel 


13. Review the Summary, and click Next. 


3 Active Directory Domain Services Installation Wizard 



Review your selections: 

Create a computer account for a new read-only domain controtlerfor the domain 
"microsoft.com". 

Computer name sys 2 micro soft com 
Site: USA 

Additional Options: 

Read-only domain controller: "Yes" 

Global catalog. Yes 
DNS Server. Yes 

Source DC: sysl unicrosoft.com 

To change an option, dick Back. To begin the operation, dick Next. 


These settings can be exported to an answer file for use with 
other unattended operations 
More about using an answer file 


Export settings .. 
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14. Click Finish. 



15. Account of Read-only Domain Controller will be created in Domain Controllers. 


rg 



Active Directory Users and Computers 

File Action 

View Help 



n 

x a x n & d 

t.| H n| ibt a % 


□ Active Directory Users are 
► Saved Queries 
* microsoft.com 
t> Builtin 
j Computers 
-i Domain Controllers 
> 13 ForeignSecurityPrire 
i> 1 Managed Service N 
J Users 
j£ 1 US Users 


Name 
^ SYS! 


Type 

Computer 


DC Type 
GC 


Site 

INDIA 


SYS? Computer Unoccupied DC Account (Read-only, GC) USA 
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16. 


17. 


To cache the user account password on RODC, Select the Users (Userl, User2, User3, User4, 
User5) Right click and select Add to a Group. 


□ 

Active Directory Users and Computers 

1 

File Action View Help 

ala 4' x 

Dn|**&raii 



2 Active Directory Users anr 
(• 8 Saved Queries 
■* microsoftcom 
u Builtin 
G3 Computers 
il Domain Controllers 
t- 1 ForeignSeairityPrint 
(• 1 Managed Service Ai 
SI Users 
£ US Users 


Name' 
1 
l 
k 
k 
k 


Type 


Description 


User! 

User 


User2 

User 


User3 

User 

Add to a group... 

User- 1 . 

User 

Disable Account 

User5 

User 

Enable Account 


Move... 

Open Home Page 

Send Marl 

All Tasks 

Cut 

Delete 

Properties 

Help 


Allows you to add the selected objects to a group you select. 

Enter the Group Name Allowed RODC Password Replication Group and click OK. 


S Select Groups 


? x 

Select this object type : 



Groups or Built-in security principals 

Object Types 

From this location: 



microsoft com 

Locations... 


Enterthe object names to select (examples') : 


Allowed RODC Password Replication Group 


Check Names 


Advanced... 


OK 


Cancel 


18. The Users will be added to the Group, click OK. 


a 


Active Directory Domain Services 


a The Add to Group operation was successfully completed. 


OK 
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Configuring Read-Only Domain Controller using IFM 


1. 

2. 

3. 


4. 


Log in as Administrator to the Domain Controller (SYS1). 

Create a Shared folder (Ex: ifm) in C drive. 

Go to Start, type cmd in Search Apps, and select Command Prompt 


0 

i 

0 

0 


Type Ntdsutil 


Apps 


Results for "cmd' 


Command Prompt 


Search 

Apps 

T?J1 A PPS 

B Settings 


i 


0 


Files 


Internet f rplorer 


as Administrator Command Prompt 


Microsoft Windows LUersion 6.2.7200] 

<c> 2012 Microsoft Corporation. All rights reserved. 
C:\Users\Admin is t rat or . S VS1 . 000>n t dsut il„ 


5. Type Activate instance ntds. 

ss Administrator: Command Prompt - ntdsutil 


Microsoft Windows [Uersion 6.2.92001 

(c> 2012 Microsoft Corporation. All right s reserved. 

C:\Users\Admin is t rat or . SVS1 . 000 >n tdsut il 
ntdsutil: Activate instance ntds 
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6. Type ifm. 


si Administrator Command Prompt - ntdsutil 


Microsoft Windows [Uersion 6.2.9200] 

<c> 2012 h icrosoft Corporation. All rights reserued. 

C : \Users\Administrator .SYS1 . 000>ntdsut il 

ntdsutil: Activate instance ntds 
Active instance set to "ntds''. 
ntdsutil: ifn 


1 

/pe createsysvolRODCC:\ifm 

i 

as Administrator: C:\Windows\system32\cmd.exe - n 


C : \Users\Administrator>ntdsutil 
ntdsutil: actiuate instance ntds 
Actiue instance set to “ntds". 
ntdsutil: ifm 

ifm: create sgsuol rode c:\ifm 
Creating snapshot for RODC media... 


8. Verify for the snapshot generated successfully then type quit, and again quit. 


9. Log in as Administrator to the Workgroup Computer(SYS2) 

10. Assign IP Address and Preferred DNS Server Address. 


— 

eh Administiatoi: C:\Windows\system32\cmd.exe - ntdsutil — 


6E)\Machine\Scripts\Shutdown 

Copying c :\ifm\SVSUOL\mcrosoft .cor»\Policiee\(8AE55408-3D6D-440C-8G97-B38CECF2CO 
6E}\Hachine\Script3\Startup 

Copying c :\ifm\SVSUOL\nicrosof t .com\Policies\{8AE55408-3D6D-440C-8e97-B33CECF2CO 
6E}\User 

Copying C:\ifm\SVSUOL\nierosoft com\Policies\{D7035Q5B- 1 A4B-4C1 2-9C7E-51 03ECA583 
C6j 

Copying c :\ifm\SYSU0L\nicro3oft .cora\Policieo\(D7035A5B-1 A4B-4C12-9C7E-51 03ECA583 
C6}\GPT . INI 

Copying c :\ifm\SYSUOL\nicrosoft ,coni\Policies\{D7035A5B-1 A4B-4C12-9C7E-51 93ECA583 
C6}\Machine 

Copying c :\ifm\SYSUOL\nicrosoft .com\Policies\{D7035A5B-1 A4B-4C1 2-9C7E-51 03ECA583 
C6)\Uoer 

Copying c:\ifm\SYSUOL\r»icrosoft.com\Policies\{D7O35A5B-1A4B-4C12-9C7E-5103ECA583 
C6}\User\coi»nent . cintx 

Copying C:\ifm\SYSUOL\microsoft.coii\PoLicies\{D7035A5B-1A4B-4C12-9C7E-5103ECA583 
C6}\Us»r\Rcgietry . pol 

Copying c :\ifm\SVSUOL\nicroeoft .com\ccripte 

Snapshot {df4c65c8-5498-4423-828c-31 1 e480e3887} unmounted 

IFM media created successfully in c:\ifm 

ifm : q 

ntdsutil: q 
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11. Access the shared folder (Ex: ifm) on Domain Controller and copy it to local hard disk drive (Ex: 
C drive). 


Click Server Manager 


Administ- 

Q 

Computer 

Read Only Domain Controller 


Host Name 

SYS2 

Network 

IP Address 

10.0.0.2 

V 

DNS Server 

10.0.0.2 

Recycle 

Bin 

Alternate DNS 

10.0.0.1 

1? 

User Name 

Administrator 

Control 

Panel 


Windows Server 2012 

fL cd 


Rf facia 


13. In Server Manager Dashboard, Click Add roles and features. 


IL 


Server Manager ! — ^ 

X 


4 « Dashboard 

- (^) 1 Manage Iools ¥iew 

Help 


I” Dashboard 


i Local Server 
|i All Servers 

File and Storage Services > 


WELCOME TO SERVER MANAGER 



O Configure this local server 

UUICKSTAHt 



2 Add roles and features 

WHAT'S NEW 

3 Add other servers to manage 

4 Create a server group 


LEARN MORE 

Hide 


ROLES AND SERVER GROUPS 

Roles: 1 | Setvei groups: 1 | Servers total- 1 


File and Storage 

1 


| Local Server 

1 


* Services 





(♦) Manageability 


(*) Manageability 

V 
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14. In Before you begin page, click Next, In Select installation type, select Role-based or feature- 
based installation, click Next. 


Add Roles and Features Wizard 


□ x 


Select installation type 


DESTINATION SERVIR 

sys2 


Before vpu Begin 


Installation Type 


Server Seection 


Select the installation type You can install loles and features on a running physical computer or virtual 
machine, or on an offline virtual hard disk fVHD). 

• Rolc-bascd or feature-based Installation 

Configure a single server by adding roles, role services and features 


C Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual machine- based or 
session- based desktop deployment 


< Previous 


Next > 


Install 


Cancel 


15. In Select destination server, from Server Pool select SYS2, click Next. 


Add Roles and Features wizard 


- a 


X 


Select destination server 


DESTINATION SERVER 
sysZ 


Before Vbu Begin 
Installation Type 


Server Selection 


Server Roles 
Features 


Select a server or a virtual hard disk on which to install roles and features 

• ’ Select a server horn the seiver pool 
O Select a virtual hard disk 

Server Pool 

Filter: 

Name IP Address Operating System 


10.0.0. 2 Miqosoft Window. Server TO 12 Standard Evaluation 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and that have been added by using the Add 
Servers command in Server Manager. Offline servers and newly-added servers from which data collection is 
still incomplete are not shown. 


< Previous 


Next > 


Install 


Cancel 
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16. In Roles, check the box Active Directory Domain Services. 


Add Roles and Features Wizard 




Select server roles 


DESTINATION SERVER 

sys2 


Before Xou Begir 
Installation Type 


Select one or more roles to install on the selected server. 

Roles Description 


Server Se ecocr 


Server Roles 


Features 

ADDS 

Confirmation 



Active Directory Domain Services (AD 

DS) stores information about objects 
on the network and makes this 
information available to users and 
network administrators. AD DS uses 
domain controllers to give network 
users access to permitted resources 
anywhere on the network through a 
single logon process. 


| < Previous | [ tSext > I Install [ Cancel 

17. Click Add Features, to install the required features for Active Directory Domain Services. Click 

Next. 


Add Roles and Features Wizard 


x 


Add features that are required for Active Directory 
Domain Services? 


You cannot install Active Directory Domain Services unless the 
following role services or features are also installed. 

[Tools] Group Policy Management 
a Remote Server Administration Tools 
a Role Administration Tools 
a AD DS and AD LDS Tools 

Active Directory module for Windows PowerShell 
a AD DS Tools 

[Tools] Active Directory Administrative Center 
[Tools] AD DS Snap-Ins and Command-Line Tools 

@ Include management tools (if applicable) 


J. ...... 4. 1.4... ..II. .1.4 

:Add Features 

. *• 


Cancel 
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18. In Select features wizard, click Next. 

iL Add Roles and Features Wizard | _ fll x 


Select features 


OCSTINAIION SERVER 

sysi 


Before Mou Begir 
Installation Type 
Server Seecncr 
Server Roles 


Featjres 


AD DS 

Confirmation 


Select one 01 mote features to install on the selected server 

Features 


□ 

in 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 


NET Framework 3.5 Featur 


.NET Framework 4.5 Features (Installed) 

Background Intelligent Transfer Sendee (BITS) 

Bitlocker Drive Encryption 

BitLocker Network Unlock 

BranchCache 

Client for NFS 

Data Center Bridging 

Enhanced Storage 

Failover Clustering 

Group Policy Management 

Ink and Handwriting Services 

Internet Printing Client 

IP Address Management (IPAM) Server 

iSNS Server service 


Description 

.NET Framework 3.5 combines the 
power of the NET Framework 2.0 APIs 
with new technologies for building 
applications that offer appealing user 
interfaces, protect your customers' 
personal identity information, enable 
seamless and secure communication, 
and provide the ability to mode) a 
range of business processes. 


< Previous 


Next > 


Cancel 


19. In Active Directory Domain Services wizard, click Next. 


Add Roles and Features Wizard 


- O 


Active Directory Domain Services 


DESTINATION SERVER 
sy« 


Before Vbu Begir 
Installabon Type 
Server Selection 


Active Directory Domain Services (AD DS) stores information about users, computer! and other devices on the 
network. AD DS helps administrators securely manage this information and facilitates resource shanng and 
collaboration between users. AD DS is also required for directory enabled applications such as Microsoft 
Exchange Server and for other Windows Server technologies such as Group Policy. 


Server Roles 
Features 


ADDS 


Confirmation 


Things to note 

• To help ensure that users can stHI log on to the network in the case of a server outage, install a minimum of 
two domain controllers for a domain. 

• AD DS requites a DNS server to be installed on the network. If you do not have a DNS setver installed, you 
will be prompted to install the DNS Server role on this machine 

• installing AD DS will also install the DFS Namespaces. DFS Replication, and File Replication services which 
are required by AD DS. 


Learn more about AD DS 


< Previous 


Next > 


1 


Install 


Cancel 
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20. Check the box Restart the destination server automatically if required. Click Install. 


fs 


Add Roles and Features Wizard 


I I — 


Confirm installation selections 


DESTINATION SERVER 

sysi 


Before fou Begin 
Installation Type 
Server Se eerier 
Server Roles 
Features 
AD DS 


Confirmation 


To install the following roles, role services, or features on selected server, dick Install. 

@ Restart the destination server automatically if required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selectee automatically. If you do not want to install these optional features, elide Previous to dear their check 
boxes. 


Active Directory Domain Services 
Group Policy Management 
Remote Server Administration Tools 
Role Administration Tools 
AD DS and AD LDS Tools 

Active Directory module for Windows PowerShell 
AD DS Tools 

Active Directory Administrative Center 
AD DS Snap-ins and Command- Line Tools 


Export configuration settings 
Specify an alternate source path 


: Previous | Install Cancel 


21. Click Promote this server to a domain controller. 




Add Roles and Features Wizard 


- Ol X 


Installation progress 


DESTINATION SERVER 

sys2 


View installation progress 
Q Feature installation 

Configuration required. Installation succeeded on sys2 


Results 


Active Directory Domain Services 

Additional steps are required to make this machine a domain controller. 
Promote thts server to a domain controller 

Group Policy Management 
Remote Server Administration Tools 
Role Administration Tools 
AD DS and AD LDS Tools 

Active Directory module for Windows PowerShell 
AD DS Tools 

Active Directory Administrative Center 
AD DS Snap-Ins and Command- Line Tools 


You can close this wizard without interrupting running tasks. View task progress or open this page 
U again by clicking Notifications in the command bar, and then Task Details 

Export configuration settings 


< Prevrous | 

Next > 


Close 

Cancel 
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22. In Deployment Configuration wizard, select Add a domain controller to an existing domain, 
enter the Domain (Ex: Microsoft.com) 


23. Click Change, enter User Name: userl@microsoft.com and Password, click OK-^Next. 


f„ 


Active Directory Domain Services Configuiation Wizard 


1 - 1 ° M 


Deployment Configuration 


TARGET SERVER 
sysZ 


Deployment Configuration 


Domain Cortrclle' Cptorrs 
Additiona Options 
Paths 

Review Options 
Prerequisites Check 


Select the deployment operator 

• Add a domain controller to an existing domain 
C Add a new domain to an existing forest 
C Add a new forest 

Specify the domain information for this operator 

Domain: mcrosoft.com ;_e ec*. j. 


Supply the credentials to perform this operation 

user1@nnicrosoft.com | Change... 


More about deployment configurations 


•- I e.'i .. Next > 


iiiv.an Cancel 


24. In Domain Controller Options, review the default settings, and type the Directory Services 
Restore Mode Password and Confirm password and click Next. 


r- 


Active Directory Domain Services Configuration Wizard 


Domain Controller Options 


TARGET SERVER 
sysZ 


▲ A pre-created RODC account that matches the name of the target server exists in th... Show more * 


Ceplo/mert Ccrfigj-atior 


Goman Controller Options 


Additional Options 
Paths 

Review Options 
Prerec. s tes Check 


Use exsting RODC account 
O Reinstall this domain controller 

Specify domain controller capabilities and site information 

@ Contain Name System (DNS) server 
[^1 Global Catalog (GO 
@ Read only domain controller (RODC) 

Site name: USA 


Type the Directory Services Restore Mode (DSRM) password 


Password; 

Confirm password: 


More about domain controller options 


< Previous 

Next > 


Install 

Cancel 
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25. In Additional Options Page, check box Install from media, browse and select the folder 
C:\ifm-> select Replicate from Sysl.Microsoft.com, click Next. 


Active Directory Domain Services Configuration Wizard 


Additional Options 

Deployment Contg„raoon 
Domain Cortrclle' Cptcrs 
RDDC Options 


Spec fy nstol From Media [IFM) Options 

M Install vom media 
Path: 


C:\ifm 


AddF.lona Cpttiib 


pjjp .5 Speedy additional replication options 

Review Options Replicate from: Eel microsoft.com 

Prerequisites Check 


More about additional options 


< Previous Next x 


_ n x 


TARGET SERVER 
sys2 


Q 1 Yenfy 




Install Cancel 


26. Verify the location of the AD DS database, log files, and SYSVOL, click Next. 


Active Directory Domain Services Configuration Wizard 


_ fli x 


Paths 


TARGET SERVER 
sys 2 


Deployment Corngurator 
Domain Controller Options 
DNS Options 
Additional Options 


Paths 


Review Options 
Prerequisites Check 


Specify the location of the AD DS database log files, and SYSVOL 


Database folder: 

C:\Windows\NTDS 

□ 

Log files folder 

C:\Wmdows\NTDS 

L, 

SiSVOL folder; 

C:\Windows\SYSVOL 

□ 


More about Active Directory paths 


< Previous 


Next 


Install | Cancel 
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27. Review the Summary and click Next. 



28. Click Install to begin installation. 


r- 


Active Directory Domain Services Configuration Wizard 



x 


Prerequisites Check 


TARGET SERVER 
sys 2 


O All prerequisite checks passed successfully. Click ' 11151311 ' to begin installation Show mere x 


Deployment Configuration 

Prerequisites need to be validated before Active Directory Domain Servces is installed on tnis 

Domain Cortrclie' Optcr? computer 

Additiona Options [Rerun prerequisites che ck! 

Paths 


Review Options 


Prerequisites Check 


A View results 

I This computer has at least one physical network adapter that does rot hare static IP 
address(es) assigned to its IP Properties. If both IPv4 and IPv6 are erabled for a network 
adapter both IPv4 and IPv6 static IP adcresses should be assigned to both IPv4 ard IPv6 
Properties o f the physical network adapter. Such static IP addressees) assignment should 
be Core to all the physical network adapters for relable Domain Name System (DNS) 
operation 

Q Prerequisites Check Completed 

Q Ail prerequisite checks passed successfully. Click Install to begin mstalatior. 


A It you click Install, the server automatcally reboots at the end of the promoton operation 


More about prerequisites 


«. £ievious 


Next > 


Install 


Cancel 
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29. The computer restarts as a part of Active Directory Domain Services installation. 

•L Active Directory Domain Services Configuration Wizard — O 


Results 


TARGET SERVER 
sys2 


© This server was successfully configured as a domain controller 


Show i 


A View detailed operation results 

A Windows Server 2012 domain controllers have a default for the security setting named 'Allow 
cryptography algorithms compatible with Windows NT 4.0' that prevents weaker cryptography 
algorithms when establishing security channel sessions. 

For more information about this setting see Knowledge Base article 942564 (http V/go.m icrosoft.com/ 


You're about to be signed off 

The computer is being restarted because Active Directory Domain Services was installed or removed. 



30. After restarting the computer Active directory will be installed. 


Verification : 

1. Log on to Domain Controller (SYS1) as Administrator 

2. Go to Active Directory Users and Computer, Expand Domain Controllers OU and verify for 

SYS2as Read Only Domain Controller. 


pa 


Active Directory Users and Computers 

File 

Action View 

Help 


n 

IB □ 

B Bl| % ’%> ft T 3 


□ Active Directory Users am 
t ju Saved Queries 
* ^3 microsoft.com 
Bdiltin 


Name 

Type 

DC Type 

Site 

Descri 

# SYS1 

Computer 

GC 

INDIA 


CSYS2 

Computer 

Read-only. GC 

USA 




13 Computers 
p Domain Controllers 
i> lLi ForeignSecurityPrim 
t> i Managed Service Ai 
£l Users 
i!i US Users 
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Lab - 46: Installing and Configuring DHCP Server 


Objective: 

To automatically assign IP addresses to clients in a LAN with a DHCP server 
Pre-requisites: Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or windows 7. 

Topology: 




MICROSOFT.COM 


SYS1 SYS2 

Domain Controller / DHCP Server Member Server / Client 

IP Address 10.0.0.1 IP Address 

Subnet Mask 255.0.0.0 Subnet Mask 

Preferred DNS 10.0.0.1 Preferred DNS 
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Installing DHCP Service 

SYSl - CONFIGURATION 

1. Click Server Manager. 


Administrator 


*3 

Computer 


Network 


DHCP Server 


Recycle Bn 


Control Pane 


Server Manager 


lL 


&>» 


2. In the Server Manager Console, Select Add roles and features 




Server Manager _ 0 x 


44 Dashboard 

* | Manage lewis View Help 


Dashboard 


I Local Server 
■i All Servers 
rgi ADDS 
St DNS 

■5 File and Storage Services > 


WELCOME TO SERVER MANAGER 



Configure this local server 

QUICKS I ARt 



2 Add roles and features 


3 Add other servers to manage 

WHATS NEW 



4 Create a server group 


Hide 

LEARN MORE 



ROLES AND SERVER GROUPS 

Roles: 3 | Server groups: 1 | Servers total: 1 


Tgl ADDS 


1 


0 Manageability 


£, DNS 


© Manageability 
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3. In before you begin page, click Next. 


Add Roles and Features Wizard 




Before you begin 


DCSTIIMATIOCJ SERVER 

syslJAcrosofLcom 


Before fou Begin 


Installation T ype 
Server Seecncn 


This wizard helps you install roles role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

•The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 

To continue, click Next 


I Skip this page by default 


Previous 


niextr- 


Install 


Cancel 


4. Select Role-based or feature-based installation, click Next. 


Add Roles and Features Wizard 


- O x 


Select installation type 


DESTINATION SERVER 
syst-Mitroohcom 


Before You Heair 


Installation Type 


Server Selection 


Select the installation type. You can install roles and features on a running physical computer or virtual 
machine, or on an offline virtual hard disk (VHD). 

* Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


| < Previous \ Next 


Install 


Cancel 
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5. Select a server (sysl.Microsoft.com) from the server pool and click Next. 


Add Roles and Features Wizard 


_ fli 


Select destination server 


DESTINATION SERVER 
sysl. Microsoft 43001 


Select a server or a virtual hard disk on vrhich to install roles and features. 

• Select a server from the server pool 
C Select a virtual hard disk 

Server Pool 


Filter 


Name 

IP Address 

Operating System 

1 sys1Aiicrosoft.com 

10.0.0.1 

Microsoft Windows Server 2012 Standard Fvaluation 




1 Computers) found 

This page shows seivers that are running Windows Server 2012. and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


Before ttou Begr 
Installation Type 


Server Selection 


Server Roles 
Features 


< Erevious 


, ..&«* . 


Install 


Cancel 


6. In select server roles, check the box DHCP Server and click Next. 


Add Roles and Features Wizard 


L- °l 


Select server roles 


DESTINATION SERVER 
sysl.MUaosoR.cort 



Before 'HDu Begin 
Instal tation Type 
Ser ve' ve ecaor 


Server Rotes 


Features 
DHCP Server 
Confirmation 


Select one or more roles to install on the selected server. 

Roles 

□ Active Directory Certificate Services 

M Active Directory Domain Services (Installed) 

□ Actrve Directory Federation Services 

□ Active Directory Lightweight Directory Services 

0 Active Directory Rights Management Services 
I"! Application Seivet 

Led .llLHjkliW 

\«/\ DNS Server (Installed) 

1 1 Fax Server 

> |»/J File And Storage Services (Installed) 

□ Hyper-V 

□ Network Policy and Access Services 
l~l Print and Document Services 

□ Remote Access 

I I Remote Desktop Services 
n Volume Activation Services 


Description 

Dynamic Host Configuration Protocol 
(DHCP) Server enables you to centrally 
configure, manage, and provide 
temporary IP addresses and related 
information for client computers. 




< firevious 


i, . $*#> . 


Install 


Cancel 



MCSE Lab Manual 


Page | 268 


www.zoomgroup.com 










7 


In select features, click Next 



Add Roles and Features Wizard 


Select features 


DESTINATION SERVER 
sysl.Ma050R.com 


Before tou Begin 
Installation ”ype 
Server Se'eoor 
Server Sores 


Features 


DHCP Server 
Confirmation 


Select one or more features to install on the selected server 
Features 



Description 

.NET Framework 3.5 combines the 
power of the NET Framework 2.0 APIs 
with new technologies for building 
applications that otter appealing user 
interfaces, protect your customers' 
personal identity information, enable 
seamless and secure communication 
and provide the ability to model a 
range of business processes 


< Previous 




install 


Cancel 


8. Click Next. 


Add Roles and Features Wizard 


1 - Ol 


DHCP Server 


DESTINATION SERVER 
sy5l.Mxxcs0ft.com 


Before You Begin 
Installation "ype 
Server Seiecrior 
Server Roles 


The Dynamic Host Configuration Protocol allows servers to assign, or lease. IP addresses to computers and 
other devices that are enabled as DHCP dients. Deploying a DHCP server on the network provides computers 
and other TCP/iP-baseo network devices with valid IP addresses and the additional configuration parameters 
these devices need, called DHCP options. This allows computers and devices to connect to other network 
resources such as DNS servers WINS servers, and routers. 


Features 


DHCP Server 


Confirmation 


Things to note: 

* You should configure at least one static IP addiess on this computer 

• Before you install DHCP Server, you should plan your subnets, scopes and exclusions. Store the plan in a 
sate place for later reference. 


More information about DHCP Server 


* Erevious f tied > :| 


Install 


Cancel 
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9. Check Restart the destination server automatically if required and click Install. 


Add Roles and Features Wizard 


_ a 


Confirm installation selections 


DESTINATION SERVER 
sysIMatsoELcan 


Before Tbu Begin 
Installation ”ype 
Server Se ecaor 
Server Roles 
Features 
DHCP Server 


Confirmation 


To install the following roles, role services, or features on selected server, elide Install 
□ Restart the destination server automatically if required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selected automatically If you do not want to install these optional features dick Previous to clear their check 
boxes. 


DHCP Server 

Remote Server Administration Tools 
Role Administration Tools 
DHCP Server Tools 


Export configuration settings 
Specify an alternate source path 


< Previous tjevt 


install _ . Cancel 


10. Select Complete DHCP configuration. 


|-.°l x 


Add Roles and Features Wizard 


Installation progress 

View installation progress 
Q Feature installation 


DESTINATION SERVER 
sysl .Mcrosoftxom 


Configuration required. Installation succeeded on sys1.Microsoft.com. 


Results 


DHCP Server 

Launch the DHCP post-install wizard 

Complete DHCP configuration 

Remote Server Administration Tools 
Role Administration Tools 
DHCP Server Tools 


You can dose this wizard without interrupting running tasks. View task progress or open 
° this page again by dicking Notifications in the command bar, and then Task Details. 

Export configuration settings 


Erevious ! Uext > 


E 


Close 


Cancel 
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11. In DHCP Post-install configuration wizard, click Next. 


DHCP Post Install configuration wizard 


_ a 


Description 


Description 


Authorization 


The following steps will be performed to complete the configuration of the DHCP Server on 
the target computer. 


Create the following security groups for delegation of DHCP Server Administration. 

- DHCP Administrators 

- DHCP Users 


Authorize DHCP server on target computer (if domain joined). 




ommrt 


Cancel 


12. Click Commit to Authorize the DHCP Server. 

iL DHCP Post -Install configuration wizard 


I- a 


X 


Authorization 


Descriptor Specify the credentials to be used to authorize this DHCP server in AD DS. 


Authorization 


• Use the following user's credentials 
User Name: MICROSOFT\Administrator 

Use alternate credentials 

UserName: Specify... 

Skip AD authorization 


< Ereviovs 


fctext > 


Commit 


Cancel 


13. Click Close to Complete the Authorization of DHCP Server. 
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Creating a scope 

1. Go to Start, select DHCP. 


Start 




Administrator ^ 

L ■ 

<k 

♦ 

T 

* 


Windows 

AdmirbtretWc 

Active Director/ 

Active Directory 

Fie 5erver 


i«*r Mar agrr PowetShefl 

Tools 

Liters and- 

Module tor.. 

Resource— DHCP 


Q * 


of 

£ 




Active Director/ 

Active Director/ 


router f*st Manager 


Site* and. 

Domains ard... 


g. 


■ 

* 




Active Director/ 



ird Panel Internet Eaplaw 


AdniiniUiatvr.. 

ADSlCdrt 




w 

* 

A 




Croup Poicy 



Hop ■•••■ ■ « 


Maai^cmefll 

DNS 



2. Expand the System name right click IPv4 -^select New Scope 


DHCP 


_ a 


File Action View Help 


J DHCP 

* j sysl mcrosoft.com 

* » MM 


0 


Add a Scope 


s P- 


Display Statistics... 


New Scope... 

New Multicast Scope... 
Configure Failover... 
Replicate Failover Scopes... 
Define User Classes... 
Define Vendor Classes... 
Reconcile All Scopes.. 

Set Predefined Options... 

View 

Refresh 

Properties 

Help 


Create a new scope 


>e is a range of IP addresses assigned to computers 
.ting a dynamic IP address. You must create and configuie 
>e before dynamic IP addresses can be assigned. 

t a new scope, on the Action menu, click New Scope. 

ore information about setting up a DHCP server, see online 


Actions 

IPv4 

More Ac... ► 
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TECH NOLOGIE! 


3. The New Scope wizard starts, click Next. 


New Scope Wizard 

■ Welcome to the New Scope 

Wizard 

This wizard helps you setup a sc ope for distributing IP addresses 
to computers on your network. 

To continue, click Next 


<0ack 

Next> 


Cancel 


4. Enter Name and a Description for the scope and click Next. 


New Scope Wizard 

Scope Name 

You have to provide an identifying scope name You also have the option of providing a 
description 



Types name and description for this scope This information helps you quickly identify how 
the scope is to be used on your network 

Name: | scope 1 


Qescnpiion 


<Qack 



Cancel 


5. Enter the IP Address Range to be leased to clients, click Next. 


New Scope Wizard 

IP Address Range 

You define the scape address range by identifying a set of consecutive IP addresses 


Configuration settings for DHCP Server 
Entetlhe range of addresses #iaf the scope distributes 
StartlP address. 


m 


10 . 0 . 0 1 


End P address 


10 255 255 254 


Configuration suitings that piopagate to DHCP Client 

I =1 


Length 
Subnet mask 


255 0 0 0 


<ja-« k(ext > Cancel 


0 
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Note : Mention the scope range in the same network of DHCP server. 


6. To exclude IP addresses, enter the Start and end IP address, click Add. Click Next. 


New Scope Wizard 


Add Exclusions and Dolay 

Exclusions are addresses or a range of addresses that aie not distributed by the server A delay 
is the tme duration by which the server will delay Ihe transmission of a DHCPOFFER message 



Type tie IP address range thst you warn to exclude It you want to exclude a single address. 
7 pe an address in Start IP address only 

StartlP address End IP address 

| 10 . 0 0 . 1 | 10 0 . 0 100 Add 

Excluded address range* 


Subn et delay i n m illi sec o nd 

I ^ 


<fiack 


I 


Hem > 


Cancel 


7. In the Lease Duration screen, you can Increase or Decrease the value, click Next. 


New Scope Wizard 


Loaso Duration 

The lease duration specifies how long a client can use an IP address from this scops 


Lease duratons should typically be equal to the average time ihe computer is connecled to 
the same physical nekvork For mobile networks that consist mainly of portable computers or 
dial-up clients shorter lease durst arts can be useful 

Likewise. fora stable network that consists mainly of desktop computers alfmed locations 

longer lease (fixations ate more appropriate 


Settle duiaton for scope leases vrtiendistiibuted by this server 
Limited to 

Qeys Hours Minutes 

ra ra hi 


< Back 

Hem > 


Cancel 
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8. 


In the Configure DHCP Options screen, choose Yes, to configure DHCP options for this scope 
(such as routers, DNS, and WINS settings) now. Click Next. 


New Scope Wizard 


Configure DHCP Options 

You have to configure the most common DHCP options before clients can use the scope 



When clients obtain an address they ale given DHCP options such as the IP addresses of 
routers (default gateways) DNS servers, and WINS setrmgs tor that scope 


The sefmgs you select here a re for ti is scope and ovemde settings configured in fie Server 
Options folder foi this serve i. 

Do you went to configure Ihe DHCP options for Dus scope now'’ 
e |Xes wontto conhg rethese opfons nowi 
C Ng I wi contigu re Ih ese o pforts l ate' 


<aad< 


Uext> 


] 


Cancel 


9. In the Router (Default Gateway) screen, enter the IP address of the router that will function as 
the default gateway for this scope clients and click Add. Or, if you don't have a Router in your 
network, just click Next. 
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10. In the Domain Name and DNS Servers screen enter the name of the Parent Domain & IP 
address of the DNS server, click Add click Next. 


New Scope Wizard 

Domain Name and DNS S«rv«Ns 

The Domain Name System { DNS) maps and translate* domain names used by clients on your 
network 



You can specify the parent domain you want the client computers on your network to use for DNS name 
resolution 

Parent do main. |Mic rosohcom 

To configure scope clients to use DNS servers on your network enier the IP addresses lor those 
servers 

Server name - £ address 


Somovs 

Up 



<Back 


[ Me><> j 


Cancel 


11. In the WINS Servers screen enter the IP address of the WINS server, click Add click Next, if you 
don't have a WINS server on your network, just click Next. 


New Scope Wizard 


WINS Servers 

Computers running Windows can use WINS servers to convert NetBIOS computer names to IP 
addresses 



Entenng server IP addresses here enables Windows clients to query WINS before they use 
broadcasts to register and resolve NetBIOS names 

Server name IE address: 



Up 


To change this behavior tor Windows DHCP clients modify opSon(M6. WINS/NBT Node Type, in 
Scope Opbons 


<Back 



Cancel 
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12. In the Activate Scope screen, select YES and click Next. 


New Scope Wizard 

Activate Scope 

Clients can obtain address leases only if a scope is activated 



Do you want to activate this scope now? 
• Sfas. : want to activate ihis scope now 
C Na I wi act vats #us scope later 


<Back 


E 


fjext> 


Cancel 


Note : A DHCP server can't assign IP addresses until the scope is activated. 


13. Click Finish to complete the creation of Scope. 



New Scope Wizard 

Completing the New Scope Wizard 

You have successfully completed Ihe New Scope wizard 


To piovidehigh availability for tus scope configuiefaitoveiforlhe 
newly added scope by right clicking on the scope and clicking on 
configure failover 

T o close this wiaaid. click Finish 


<Back 


Finish 


i r 


Cancel 
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ZOOM 


TECH N OLOG IE! 


Verification: In DHCP Client 


1. Right click network Icon -^Select properties -^click View Status and select properties -^Select 
Internet protocol Version 4 (TCP/IPv4) Properties and select Obtain an IP Address 
automatically and Obtain an DNS Server Address Automatically ->OK 



2. Open the Command Prompt ->and type Ipconfig /release 



3. Then type Ipconfig/renew 




MCSE Lab Manual 


Page | 278 


www.zoomgroup.com 








4 


mi 


ZOOM 


EC H N OLOG IE 



After that Right click on network Icon Select properties click View Status and click Details. 



5. Verify the IP Address leased by the DHCP Server along with the lease duration and DHCP 
Server and DNS Server details. 


Network Connection Details 

Network Connection Details. 


Property 

Value 

Connection-specific DNS S 

Microsoft com 

Description 

NVIDIA nForce Networking Controller 

Physical Address 

00-26-1 8-A6-F4-36 

DHCP Enab led 

Yes 

IPv4 Addres s 

1000 101 

IPv4 Subnet Mask 

255.00.0 

Lease Obtained 

Monday. January 28. 2013 8 20.37 PM 

lease Expires 

Tuesday. February 5. 2013 8:20~36 PM 

IPv4 Default Gateway 


IPv4 DHCP Server 

100.01 

IPv4 DNS Server 

100.01 

IPv4 WINS Server 


NetBIOS over T cpip Enabi 

Yes 


Close 
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Lab - 47: Creating DHCP Reservations 


Objective: 

To reserve an IP address for a client using a DHCP server 
Pre-requisites: Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 SYS2 

Domain Controller / DHCP Server Member Server / Client 

IP Address 10.0.0.1 IP Address 

Subnet Mask 255.0.0.0 Subnet Mask 

Preferred DNS 10.0.0.1 Preferred DNS 
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SYS1 - CONFIGURATION 

1. Go to Start, select DHCP. 


Start 



Administrator 

• 

fe *■ 

<h 


■ * S. 



Wiodom 

AdH'H r\ti*liwr 

Actrve Directory 

Active Directory Ur Server 



m Mirinyr 

look 

Uwrv «nd 

Module tor. Resource- (Hr P 



*3 m 


wB 

A 





Actrve Directory 

Act w Directory 



rioter 


j4o«nd - 

Domains arci... 



V & 


s 

n 





Adw Directory 




<rri FSnrl Imtmrt Ejfslorrr 


Admin itfratvr.. 

ADSJfdrt 





W. 

* 

M 

bb 

bbla 





Group Pofccy 




krtop >■'» i . 


MsnaQrment 

CNS 




2. In the left pane of the DHCP Console, expand the Scope-> Right click Reservation -^Select 
New Reservation 


¥ 


DHCP 

L- a x 

Rle Action View Help 

lil O U[s.! * 

.? DHCP 



Actions 

* | sysl mcrosoft.com 
a »IPv4 

-< at Scope [10 0.0 0] scope 1 
a Address Pool 

Ul Address Leases 

^j| Reservations 

Reservations * 

A reservation ensures that a DHCP client is always assigned the 
same IP address. 

More Ac... ► 

Sp Scope Opt New Reservation. . 

„ . 


Ct Policies View 

► 



» 5wv?t Option _ . i 

Refresh 

Idl Policies 

i H Filters Help 

tusion prevents a DHCP client from ever obtaining 
rom a specified address range. Exclusion ranges can 


t a IPv6 

be defined in Address Pool. 



For more information about reservations and exclusions, see 
online Help. 


Create a new reservation 
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Type in a name for the reservation in the "Reservation name" text box. Then, in the "IP 
address" text box, mention the IP address that you want to be reserved. Then, enter the MAC 
address of the network adapter of the computer for which the reservation is being made in 
the box provided ->click add ->click Close. 


Note : To Know the MAC or Physical address of the client type Ipconfig /all or getmac in 
command prompt of client computer. 


New Reservation 

Provide information lor a reserved c lient 


Reservation name 

IE address. 

MAC address. 

Description 

Supported types 
i* Bofi 

r dhcp 

r BQOTP 


I 10 10 10 10 

|0G-2G-18-a6-H-66 


Add 


Close 


Check the output in the client computer (SYS2). 

1. In the command prompt type Ipconfig /release and Ipconfig /renew. 


Administrator C:\Windows\system32\cmd.exe - cmd 


ILJ 


:\>ipconfig /renew 
|windows IP Configuration 

Ethernet adapter Ethernet: 

Connection-specific DNS Suffix 

IPv4 Address 

Subnet Mask 

Default Gateway 


Microsoft.com 

10.10.10.10 

255.0.0.0 


MCSE Lab Manual 


Page | 282 


www.zoomgroup.com 


0 





ZOOM 


TECH NOLOGIE! 


Lab - 48: DHCP Server Backup and Restore 


Objective: 

To backup the DHCP database 

Pre-requisites: Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 SYS2 

Domain Controller / DHCP Server Member Server / Client 

IP Address 10.0.0.1 IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 
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Steps: 

1. Go to DHCP console right click the server name -^select Backup 


DHCP 


File Action View Help 

* fi.ifl X !' fi H Q C 


? DHCP 


A 1 sysl .rnirrnsnft.mm 


h IPv 


Name 
2 in..i 


Add/Remove Bindings... 
Unauthorize 


Backup... 


t> i 


S3 

at 

i ± 

i> iiPv 


Restore- 
All Tasks 
View 
Delete 
Refresh 
Export List- 
Properties 
Help 


2. Select the Location to save the backup file -^OK 



Delete the Existing scope 


1 


DHCP 

File Action View Help 

* * IS BT|| X E : * 

Q[FnJ 5® 


5 DHCP 

J 1 sys1.rmcrosoftcom 
' I, IPv4 

j y sc 

M 

m 

m 

a 

Q Se 

at Pc 

V m Fil 

v i IPv6 


Name 

JlPv4 

ilPv6 


Display Statistics- 
Advanced.. 
Configure Failover... 
Reconcile— 
Deactivate 


Delete 


Refresh 


Properties 

Help 
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4. In DHCP Console -fright click the server name -^select Restore. 


5. 


I 


DHCP 


File Action View Help 


a 


XLaj U ' Q® 


5 DHCP 


-* 1 jysljnicf^* 


* ilPv4 

Q Se 
U Pn 
t a Fil 
1- i IPv6 


Name 


Add/Remove Bindings... 

Unauthorize 

Backup... 

Restore. . 


All Tasks 

View 

Delete 

Refresh 

Export List... 

Properties 

Help 


Select the location of file for Restoration. 



6. Click Yes. 


DHCP 


i In order for changes to take effect the service must be stopped and 
restarted. Would you like to do this now? 


Yes 


No 


7. Click OK and for the Scope restored in DHCP Console. 
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Lab - 49: Configuring DHCP Server Failover 


Objective: 

To configure high availability of DHCP servers using DHCP failover 
Pre-requisites: Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A member server running windows 2012 server. 

Topology: 



MICROSOFT.COM 


SYS1 SYS2 

Domain Controller / DHCP Server Member Server / DHCP Server 

IP Address 10.0.0.1 IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 
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SYS2 - CONFIGURATION 

1. Install DHCP Server Role on SYS2 and Do not Authorize the Server. 

SYS1 - CONFIGURATION 

1. Go to DHCP console ->ln left pane, expand Server name -^Expand IPv4 ->right click Scope-> 
select Configure Failover 


DHCP 


File Action View Help 

*+ a /<!.«! B 1 


Ml ® 


? DHCP 

4 I sysl.microsoft.com 

4 i IPv4 

Cj Server Options 

4 C Scope [10.0.0 O' scope) 

Contents of Scope 

# Address Pool 

•i Address Leases 

«l Reservations 

-8 Address Pool 

Address Leases 

id Reservations 


Display Statistics... 

Advanced.. * 

% Scope Options 

Id Polices 

Id Polices 
v SB Filters 

4 a IPv6 

Q Server Options 

Configure Failover... 


Reconcile... 


Deactivate 


View * 


Delete 

Refresh 

Export List... 



Properties 



Help 


n _ 


2. In Introduction to DHCP Failover wizard, click Next. 



Configure Failover 

Introduction to DHCP Failovei 


DHCP Failover enables high availability of DHCP services by 
synchronizing IP addles* lease information between two DHCP 
servers DHCP failover also provides load balancing of DHCP 
requests 

This wizard will guide you Through setup of DHCP failover Select 
from tho following list of scopes which ar© available to bo configured 
foi high availability Scopes which are already configured for high 
availability atenotdisplayedmlhe list below. 

Available scopes Select all. 



c Back 

Llaxt » 


Cancel 
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3. Click Add Server to add the Failover Server. 


Configure Failover 


Specify ttiu paftnui cuivui to uso tor fcnlovu) 

H 


Providerhe hostname or IP address ofrhe partnerOHCPserver wnh whichfailovershould be 
configured. 

You can select from the list of servers vrth an existing failover configuration or you can browse 
and select from the list of authorized DHCP servers 

Alternatively, you ca n type the host name or IP address oftte partner server 
Eartner Server | 


Add Server 


<B8<* 

ble«i» 


Cancel 


4. In Add Server, Browse and Select the server (sys2.microsoft.com), click OK. 


Add Server 


Selects server you wrantto add to your c onso le 

<■ INs server 

pyS2 microsoftcom 

C Tfcis aulh oreed DHCP soever 


Name 


IP Address 


X 


firowse 


QK | 


Cancel 
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5. Select the Mode, Enable Message Authentication and enter Shared Secret, Next. 



6. To Complete the Failover, click Finish. 



7. Verify the Summary to be Successful. 
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SYS2 - CONFIGURATION 

1. Go to Server Manager Dashboard, select notification flag, Complete DHCP Configuration. 


rL 


Server Manager 

L=l a * 


M Dashboard 

•© i 

Manage Tools View Help 


^ Post -deployment Conligura... 


KS Dashboard 


j Local Server 
li All Servers 
Ti DHCP 

iB File and Storage Services > 
|o IIS 

R: I PAM > 

al Remote Access 


Configuration required for DHCP Server at SYS2 


{ omnlete DHCP configuration 


xal server 


Task Details 


WHAT'S NEW 


1 A .-. 1 fj ' uti am. ’ M atures 

3 Add other servers to manage 

4 Create a server group 


learn more 

ROLES AND SERVER GROUPS 

Roles; S | Server groups: 1 | Servers total: 1 

Vi mtrp i SB File and Storage 


Hide 


2. In DHCP Post-Install configuration wizard, click Next. 

iL DHCP Post Install configuration wizard | — O' X 


Description 


Descriptor! 


Auttxxizaton 


The following steps will be performed to complete the configuration of the DHCP Server on 
the target computer; 


Create the following security groups for delegation of DHCP Server Administration 

- DHCP Administrators 

- DHCP Users 


Authorize DHCP server on target computer (if domain joined). 


: grevious [ ftext » 


Commit 


Cancel 
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3. Click Commit, to Authorize the DHCP server sys2.microsoft.com 


Authorization 

Description 


Authorization 


DHCP Post install configuration wizard 


Specify the credentials to be used to authorize this DHCP server in AD DS. 

• Use the following user's credentials 
User Name: MicrosoftSAdministrator 


_ O X 


O Use alternate credentials 
UserName: 

Skip AD authorization 


Specify... 


< Previous time Commit 

Bwtwqw? 


Cancel 


4. Verify the summary and click Close. 


DHCP Post-Install configuration wizard 


- * 


Summary 


The status of the post install configuration steps are indicated below: 


Summary 


Creating security groups Done 

Please restart the DHCP server service on the target computer for the security groups to be 
effective. 

Authorizing DHCP server Done 


s Previous Next > 


Close 


Cancel 


0 
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Verification: 


1. Go to DHCP console and verify the scope replicated from sysl 


DHCP 


File Action View Help 

•n X J ft - Bl® 


? DHCP 

Contents of Scope 

4 1 sy 52 

^Address Pool 

- i IPv4 

j- Address Leases 

IS Server Options 

ui Reservations 

* 3 Scope [10.00.0] scopel 

Scope Options 

S Address Pool 

US Policies 

Li? Address Leases 

i> ifl Reservations 

D Scope Options 

BD Policies 
i2i Policies 
v aQ Filters 
l> jji IPv6 
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Lab - 50: Installing and Configuring Domain Naming System (DNS) 


Objective: 

To configure DNS for name resolution 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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Installing DNS Service 

SYSl -CONFIGURATION 

1. Select Click Server Manager. 


R 


Administrator 


*3 


Computer 


DNS ! 

Server 

rr 

R w M. 

Recycle Bin 


w 


Control Panel 




ISa ^ 

* P>5<b 


2. In the Server Manager Console, Select Add roles and features 


ik 


Server Manager _ fll X 


** Dashboard 

* (§) 1 r Manage look View Help 


Dashboard 


| Local Server 
■i All Servers 
F|1 ADDS 
£ DNS 

File and Storage Services > 


WELCOME TO SERVER MANAGER 



Q Configure this local server 


H 

QUICK START 






2 

Add roles and features 




3 

Add other servers to manage 


M 

WHAT'S NEW 

4 

Create a server group 






LEARN MORE 



Hide 



ROLES AND SERVER GROUPS 

Roles: 3 | Server groups: 1 | Servers total: 1 


[|1 AD DS 1 


£ DNS 1 

© Manageability 


© Manageability 


MCSE Lab Manual 


Page | 294 


www.zoomgroup.com 


0 







3. In Before you begin page, click Next. 


Add Roles and Features Wizard 


- a 


Before you begin 


DESTINATION SERVER 
5ysl.Micrwcft.0Mii 


Before Mdu Begin 


Installation Type 
Serve' Selection 


This wizard helps you install roles, role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

• The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 

To continue, dick Next 


□ Skip this page by default 


| < Previous [ Next > i| nstall Cancel 

4. Select Role-based or feature-based installation and click Next. 


F. 


Add Roles and Features Wizard 


-ax 


Select installation type 


D€ST IMAP CM SERVER 
5y5l.Mi<TO50««xr 


Be'cre Ycu Begin 


Installation Type 


Server Seecn'or 


Select the installation type. You can install roles and features on a running physical computer or virtual 
machine, or or an offline virtual hard disk CVHD). 

* Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


< Previous 


Next » 


Install 


Cancel 
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5. Select a server (sysl.Microsoft.com) from the server pool and click Next. 


Add Roles and Features Wizard 


_ 01 


Select destination server 


DESTINATION SERVER 
sys 1 .Mi crosoflcom 


fe'we Vbii Begin 
Instal otion Type 


Server Selection 


Server Roles 

Features 


Select a server or a virtual hard disk on which to install roles and leatures. 

• Select a server from the server pool 
C Select a virtual hard disk 

Server Pool 


Filter 


Name 

IP Address 

Operating System 

1 sys1.Microsoft com 

10.0.0.1 

Microsoft Windows Server 2012 Standard Evaluation 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


< Previous 


V* » 


install 


Cancel 


6. Check box DNS Server, click Next ->Next Install Finish. 


Add Roles and Features Wizard 


|_ 01 X 


Select server roles 


DESTINATION SERVER 
S/il. Micros (Tt.com 



Eetore tou Begin 
Installation Type 
Server Seiectior 


Server Roles 


Features 


Select one or more roles to install on the selected server 
Roles 

0 Active Directory Certificate Services 

1 Vi Active Directory Domain Services (Installed) 

□ Active Directory Federation Services 

l~l Active Directory lightweight Directory Services 

□ Active Directory Rights Management Services 

□ Application Server 

□ DHCP Server 

[✓ jEESETEES. 

□ Fa* Serve* 

t 3 File And Storage Services (InstaBed) 

□ Uyper-V 

□ Network Pokey and Access Services 
Q Prim and Document Services 

l~~l Remote Access 
— ] Remote Desktop Services 
— I Volume Activation Services 


Description 

Domain Name System (DNS) Server 

provides name resolution for TCP/IP 
networks. DNS Server is easier to 
manage when it is installed on the 
same server as Active Directory Domain 
Services If you select the Active 
Directory Domain Services role, you 
can install and configure DNS Server 
and Active Directory Domain Services 
to work together. 


< Erevious 

l a**.?.. J 

Install 

Cancel 


Note: On Domain Controller, by default DNS Server Role will be installed. 

On Member Server we have to install the DNS Server Role Manually using the same process. 
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ZOOM 


.TECHNOLOGIES. 


Creating Standard Primary - Forward Lookup Zone 

1. Go to Start, select DNS. 


Start 

& 

T 

Sorter Man. tgti 

Windows 

PowefShfll 

Q 


Computer 

Task Mamjet 

W 

g 

Control Paoel 

internet Caplorrr 

Desktop 



ft 


AdnwistraCme 

loots 


Administrator £ 


Artw Dnerto7 
Users and- 

T 

Artw Directory 
Modt4etor~ 

if 

Act uc Directory 
j ites end . 

a 

Actrve Directory 
Damans and... 

Actwe Directory 
AfSm i nirtratrve... 

* 

AD5I tdrr 

E 

Group Poky 
Management 

t 

Jk. 

DNS 


* 9 . 


Me Server 
Resource-. 


2. In the DNS dialog box, Expand the DNS">Sen/er name in the left pane, right click the Forward 
Lookup Zones select New Zone 


DNS Manager 


- 3 


File Action View Help 

«•*! alsj & L* Bob! BS9 
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3. In the welcome to new zone wizard click Next 


New Zone Wizard 




Welcome to the New Zone 

— I 


Wizard 



This wizard helps you create a new zone for your DNS 
server. 



A zone translates DNS names to related data, such as P 
addresses or network services. 


To continue, click Next. 


< Back 

Next > 


Cancel 


4. Select "Primary Zone" and Remove the check box for "Store the zone in Active Directory", 
click Next. 


New Zone Wizard 


x 


Zone Type 

The DNS server supports various types of zones and storage. 



Select the type of zone you want to create: 

(•; Primory zone 

Creates a copy of a zone that can be updated directly on this server. 

([Secondary zone 

Creates a copy of a zone that exists on another server. This option helps 
balance the processing load of primary servers and provides fault tolerance. 

0 Stub zone 

Creates a copy of a zone containing only Name Server (NS), Start of Authority 
(SOA), and possibly glue Host (A) records. A server containing a stub zone is 
not authoritative for that zone. 

Store the zone in Active Directory (ava table only if DNS server is a writeable domain 
controller) 


< Back 

Next > 


Cancel 



MCSE Lab Manual 


Page | 298 


www.zoomgroup.com 






ZOOM 


TECH N OLOG IE 



5. In the Zone Name screen, type in the name of the zone you are creating. This name is usually 
the FQDN of the DNS domain that the zone will contain, such as YAHOO.COM -^click Next. 


New Zone Wizard 



Zone Name 

What is the name of the new zone? 



The zone name specifies the portion of the DNS namespace for which this server is 
authoritative. It might be your organization's domain name (for example, 
microsoft.com) or a porton of the domain name (for example, newzone.microsoft.com). 
The zone name is not the name of the DNS server. 


Zone name: 
Yahoo.com 


< Back 

Next > 


Cancel 


6. The Zone File screen appears. In this screen, you can either create a new zone file for the new 
zone, or configure the new zone to use an existing file. Click Next. 


New Zone Wizard 

Zone File 

You can create a new zone file or use a file copied from another DNS server. 


Do you want to create a new zone file or use an existing file that you have copied 
from another DNS server? 


if 


(S)j£ reate a new file with this file name: 


Yahoo, com. dns 


QUse this existing file: 


To use this existing file, ensure that it has been copied to the folder 
%SystemRoot%\system32\dns on this server, and then click Next. 


< Back 

Next > 


Cancel 
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7. 


In dynamic Update Select "Allow both non-secure and secure dynamic update"“^click Next 


New Zone Wizard 

Dynamic Update 

You can specify that this DNS zone accepts secure, nonsecure, or no dynamic 
updates. 



Dynamic updates enable DNS client computers to register and dynamically update their 
resource records with a DNS server whenever changes occur. 

Select the type of dynamic updates you want to allow: 


Allow only secure dynamic updates (recommended for Active Directory) 

This option is available only for Active Directory-integrated zones. 


(Si Allow both nonsecure and secure dynamic updates 

Dynamic updates of resource records are accepted from any client. 


, This option is a significant security vulnerability because updates can be 
"" accepted from untrusted sources. 


O not allow dynamic updates 

Dynamic updates of resource records are not accepted by this zone. You must 
update these records manually. 


< Back 

Next > 


Cancel 


8. The Completing the New Zone Wizard screen appears. Click Finish. 


New Zone Wizard 


x 



Completing the New Zone 
Wizard 

You have successfully completed the New Zone Wizard. 
You specified the following settings: 


Name: Yahoo.com 

/S 

Type: Standard Primary 


Lookup type: 

Forward 


File name: 

Yahoo, com. dns 

V 


Note: You should now add records to the zone or ensure 
that records are updated dynamically. You can then verify 
name resolution using nslookup. 

To close this wizard and create the new zone, click Finish. 


< Back 

f j 

Finish 


Cancel 


9. In the DNS Console, the new zone you created appears in the right pane. 
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Creating Host Records for the standard primary zone 

1. Go to Start, select DNS. 

2. Right click the zone and select New Host. 



3. Enter the Host name for which you are configuring the record Ex: SYS1, enter the 
corresponding IP address of the host ->click Add Host ->OK “>Done. 


New Host 

X 


lame (uses parent domain name if blank): 



SYS1 


Fully qualified domain name (FQDN); 



SYSl.Yahoo.com. 


IP address: 



10.0.0.1 


Create associated pointer (PTR) record 



Add Host 


Cancel 
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Creating an Alias record for the host record 

1. Go to Start, select DNS. 

2. Right click the zone and select New Alias. 

3. Enter the name in the "Alias Name' dialog box Ex: www 

4. Click Browse Double click system name -^double click Forward Lookup Zone -^double click 
the zone name -^select the host name ->click OK~>OK 



Verification: 


1. Open Command Prompt ->type ping FQDN (Fully Qualified Domain Name) 


Ex: Ping SYSl.YAHOO.COM (or) Ping WWW.YAHOO.COM 


2. Name should be resolved into IP Address. 


aa Administrator: C:\Windows\system32\cmdexe 


Microsoft windows [version 6.2.9200] 

(c) 2012 Microsoft corporation. All rights reserved. 

C:\Users\Admini st rator>pi ng www.yahoo.com 

Pinging sysl.yahoo.com [10.0.0.1] with 32 bytes of data: 
Reply from 10.0.0.1: bytes=32 timeclms TTL=128 
Reply from 10.0.0.1: bytes=32 timeclms TTL=128 
Reply from 10.0.0.1: bytes=32 timeclms TTL=128 
Reply from 10.0.0.1: bytes=32 timeclms TTL=128 

Ping statistics for 10.0.0.1: 

Packets: sent = 4, Received = 4, Lost = 0 (0% loss), 
Approximate round trip times in mi 11 i -seconds : 

Minimum = Oms, Maximum = Oms, Average = Oms 

C:\Users\Administrator> 
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Creating Standard Primary - Reverse Lookup Zone 

1. Go to Start, select DNS. 

2. In the DNS dialog box, expand the DNS server's name in the left pane“^right click the Reverse 
Lookup Zones -^Select New Zone. 


DNS Manager _ a X 

File Action View Help 

«» * a I u ra i e a 


* DNS 
-< 1 SYS1 


l- lil Forward Lookup Zones 


l- 


Reverse Lookup Zones 


| New Zone... 

c 

View ► 


Refresh 


Help 


Create a new zone. 


Add a New Zone 


The Domain Name System (DNS) allows a DNS namespace to be divided into zones. 
Each zone stores information about one or more contiguous DNS domains. 

To add a new zone, on the Action menu, dick New Zone. 


3. Click Next 


New Zone Wizard 


x 



Welcome to the New Zone 
Wizard 

This wizard helps you create a new zone for your DNS 
server. 

A zone translates DNS names to related data, such as IP 
addresses or network services. 


To continue, click Next. 


< Back 

Next > 


Cancel 
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4. Select "Primary Zone" and Remove the check box for "Store the zone in Active Directory", 
click Next. 


New Zone Wizard 

4 

Zone Type 

The dns server supports various types of zones and storage. 

f 



Select the type of zone you want to create: 

(#} Primary zone 

Creates a copy of a zone that can be updated directly on this server. 

Q Secondary zone 

Creates a copy of a zone that exsts on another server. This option helps 
balance the processing load of primary servers and provides fault tolerance. 

0 Stub zone 

Creates a copy of a zone containing only Name Server (NS), Start of Authority 
(SOA), and possibly glue Host (A) records. A server containing a stub zone is 
not authoritative for that zone. 

Store the zone in Actve Directory (available only if DNS server is a writeable domain 
controller) 


< Back 

Next > 


Cancel 


5. Check IPv4 Reverse Lookup Zone 


New Zone Wizard 


x 


Reverse Lookup Zone Name 

A rever se lookup zone tr anslates IP addr esses into DNS names. 



Choose whether you want to create a reverse lookup zone for IPv4 addresses or IPv6 
addresses. 

(• IPv4 Reverse Lookup Zone 
0 IPv6 Reverse Lookup Zone 
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6. In the network ID give the first three octets Ex: 10.0.0“>Next 


New Zone Wizard 



Reverse Lookup Zone Name 

A reverse lookup zone translates IP addresses Into DNS names. 



To identify the reverse lookup zone, type the network ID or the name of the zone. 

(•;> Network B: 

|10 0 ~0 ' 

The network ID is the portion of the IP addresses that belongs to this zone. Enter the 
network ID in its normal (not reversed) order. 

ff you use a zero in the network ID, it will appear in the zone name. For example, 
network D 10 would create zone 10.in-addr.arpa, and network ID 10.0 would create 
zone O.lO.in-addr.arpa. 

Q Reverse lookup zone name: 

0. O.lO.in-addr.arpa 


< Back 

Next > 


Cancel 


7. Click Next 


New Zone Wizard 


Zone File 

You can create a new zone file or use a file copied from another DNS server. 


SJ 


Do you want to create a new zone file or use an existing file that you have copied 
from another DNS server? 

(#; Create a new file with this file name: 


o.o.io.in-addr.arpa.dns 


Q Use this existing file: 


To use this existing file, ensure that it has been copied to the folder 
%SystemRoot%\system32\dns on this server, and then click Next. 


< Back 

Next > 


Cancel 
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8. In dynamic Update Select "Allow both non-secure and secure dynamic update" click Next 


finish 


New Zone Wizard 


x 


Dynamic Update 

You can specify that this DNS zone accepts secure, nonsecure, or no dynamic 
updates 



Dynamc updates enable DNS client computers to register arid dynamically update their 
resource records with a DNS server whenever changes occur. 

Select the type of dynamic updates you want to allow: 


(J Allow only secure dynamic updates (recommended for Active Directory) 

This option is available only for Active Directory-integrated zones 

(•) Allow both nonsocure and secure dynamic updates 

Dynamic updates of resource records are accepted from any client. 

, This option is a significant securty vulnerability because updates can be 
accepted from untrusted sources. 

O Qo not allow dynamic updates 

Dynamic updates of resource records are not accepted by this zone. You must 
update these records manually. 


< Back 


Next > 


Cancel 


Creating pointer record 

1. Go to Start, select DNS. 

2. Expand Reverse lookup zone and Right click the zone “►select New Pointer 


& 

DNS Manager 

1 

Of 

X 

File Action View Help 

ig x® » Bsb| b es 




1 DNS 
a 1 SYS1 

► fil Forward Lookup Zones 
•* ILL Reverse Lookup Zones 
h 00.10.in addr.arpa 

Name Type Data 

0 Csame as parent folder) Start of Authority (... (1], sys1.microsoft.co.- 

y (same as parent folder) Name Server (NS) sysl.mierosoft eom. 

■ Til 
t> ■ Co 
i- ilia ok 


Update Server Data File 

Reload 


New Pointer (PTR)... 


New Alias (CNAME)... 

New Delegation- 

Other New Records... 

QNSSEC 

All Tasks 

View 

Delete 

Refresh 

Export List... 

Properties 

Help 


Create a new pointer resource record. 
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3. In the pointer record give the fourth octet -^click browse -^double click server name (SYS1) 
-^double click Forward Lookup Zone -^double click the zone name(Yahoo.com) -^double click 
the host name (SYS1) -^OK 



Verification: 

1. Open the command prompt and type nslookup 10.0.0.1 


mi Administrator: C:\Windows\system32\cmd.exe 


Microsoft Windows [Version 6.2.9200] 

(c) 2012 Microsoft corporation. All rights reserved. 

C:\Users\Admi nistrator>nslookup 10.0.0.1 
server: sysl.yahoo.com 
Address: 10.0.0.1 

Name: sysl.yahoo.com 

Address: 10.0.0.1 


C:\Users\Admi nistrator>_ 
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Lab -51: Secondary DNS Zone 


Objective: 

To create a secondary DNS zone as a backup to the primary zone 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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SYS1 - CONFIGURATION 

1. In SYS1 one primary zone should be present. E.g. : Yahoo.com 

SYS2 - CONFIGURATION 

1. Go to Start, select DNS. 

2. In the DNS dialog box, expand the DNS server's name in the left pane. Right click Forward 
Lookup Zones select New Zone ->Next 

DNS Manager I — I ® x 

w Add a New Zone 

The Domain Name System [DNS) allows a DNS namespace to be divided into zones. 

Each zone stores information about one or mote contiguous DNS domains. 

To add a new zone, on the Action menu, click New Zone. 


* DNS 
1 SYS2 

(• 13 Global Logs 

■ Forward Lookup Zones 



& - i i 

File Action View Help 

ClFll g| H IB3 


3. Select Secondary zone Next. 


New Zone Wizard 

*1 

Zone Type 

The DNS server supports var ious types of zones and stor age. 




Select the type of zone you want to create: 


Q Primary zone 

Creates a copy of a zone that can be updated directly on this server. 

(#; Secondary zone 

Creates a copy of a zone that exists on another server. This option helps 
balance the processing load of primary servers and provides fault tolerance. 

Qi Stub zone 

Creates a copy of a zone containing only Name Server (NS), Start of Authority 
(SOA), and possibly glue Host (A) records. A server containing a stub zone is 
not authoritative for that zone. 

Store the zone in Actve Directory (available only if DNS server is a writeable domain 
controller) 


< Back 

Next > 


Cancel 
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4. Give the name of primary zone -^click Next. 


New Zone Wizard 

4 

Zone Name 

What is the name of the new zone? 

i* 



The zone name specifies the portion of the DNS namespace for which this server is 
authoritative. It might be your organization's domain name (for example, 
microsoft.com) or a portion of the domain name (for example, newzone.microsoft.com). 
The zone name is not the name of the DNS server. 


Zone name: 
yahoo.com 



5. Give the IP address of primary zone Ex: 10.0.0. 1-^ click Next. 


New Zone Wizard 

X 

Master DNS Servers 

The secondary zone Is copied from one or more DNS servers. 

iS 



Specify the DNS servers from which you want to copy the zone. Servers are 
contacted in the order shown. 


faster Servers: 


IP Address 

Server FQDN 

Validated 

<Click here to .. 
O io.o.o.i 

sfsl.yahoo.com 

OK 



< fiack 

Next > 


Cancel 
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6. Click Next -^Finish. 




New Zone Wizard 

Completing the New Zone 
Wizard 

You have successfully completed the New Zone Wizard. 
You specified the following settings: 


Name: yahoo.com 
Type: Secondary 

Lookup type: Forward 

File name: yahoo.com. dns 


Note: You should now add records to the zone or ensure 
that records are updated dynamically. You can then verify 
name resolution using nslookup. 


To close this wizard and create the new zone, click Finish. 


< Back 

Finish 


Cancel 


Allow zone transfers to secondary zone 

SYSl-CONFIGURATION 


1. Go to Start, select DNS. 

2. In the DNS dialog box, expand the DNS server's name in the left pane Expand Forward 
Lookup Zone right click primary zone select Properties. 


& 


DNS Manager 


File Action View Help 

ft ini xi -* • u 


£ DNS 
* | SYS1 

* 3 Forward Lookup Zones 
v 9 _msdcs.Microsoft.com 
l> 0 Microsoft.com 


3 Yalioo.com 
V uS Re 
111 Tn. 


Name Type 

Cl (same as parent folder) Start of Authority (... 
□ (same as parent folder) Name Server (NS) 
fcJSYSI Host (A) 

O www Alias ((.NAME) 


Data 

11], sysl.miaosoft.co.. 
sys1.microsotl.com. 
10.0.0.1 

SYS1.Yahoo.com 


i- ■ Co 
l- EIGI« 


Update Server Data File 
Reload 

New Host [A or AAAA)... 
New Alias (CNAME)... 

New Mail Exchanger (MX). 
New Domain... 

New Delegation... 

Other New Records... 

DNSSEC 

All Tasks 

View 

Delete 

Refresh 

Export List... 

Properties 

Help 


0 
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3. Select Zone Transfers Tab ->check the box for Allow zone transfers -^select Only to the 
following servers. 


Yahoo.com Properties 


? 


x 


General 

Start of Authority (SOA) 

Name Servers 

WINS 

Zone Transfers 


A zone transfer sends a copy of the zone to the servers that request a 
copy. 

V] Allow zone transfers: 

QTo any server 

O Only to servers listed on the Name Servers tab 
( 8 ) Only to the following servers 



OK 

Cancel 

Apply 

Help 


4. Click Edit and mention the Computer IP Address of secondary zone. Click Notify -^Select to 
the following servers -^and mention the Computer IP Address of secondary zone. 


DNS zona: 
Yahoo.com 


Allow Zone Transfers 


IP addresses of the secondary servers: 



The server FQDN will not be available f the appropriate reverse lookup zones and entnes are not 
configured. 


ok | | cancel 


5. Click Apply -^OK Again Click Apply ->0K. 
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Lab - 52: Creating a Stub DNS zone 


Objective: 

To create a stub DNS zone for fast name resolution 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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SYS1-C0NFIGURATI0N 

1. Log on to SYS1 and create a primary zone Msn.com along with host and alias records. 

SYS2-C0NFIGURATI0N 

1. Log on to SYS2 and Go to Start, select DNS. 

2. In the DNS dialog box, Expand DNS Server name in the left pane, right click Forward Lookup 
Zones Select New Zone ->Next 


DNS Manager 


Ul“l 


File Action View Help 

+ + 13 Ml Bai U ~ 


03 


a DNS Name 

* 1 SYS2 (3 yahoo.com 

L Global Logs 
■* B Forward Lookup Zones 


i> 

l> 

t> 


New Zone... 
View 
Refresh 
Export List... 


ttelp 


Type 

Secondary 


Status DNSSEC Status Key Master 

Running 


4. Select Stub zone Next 


New Zone Wizard 

X 

7one Type 

The DNS server supports various types of zones and storage. 

i* 



Select the type of zone you want to create: 


Q Primary zone 

Creotes a copy of a zone thot can be updated directly on this server. 

0 Secondary zone 

Creates a copy of a zone that exists on another server. This option helps 
balance the processing load of primary servers and provides fault tolerance. 

(g) (stub zone ! 

Creates a copy of a zone containing only Name Server (NS), Start of Authority 
(SOA), and possibly glue Host (A) records. A server containing a stub zone is 
not authoritative for that zone. 

Store the zone in Actve Directory (available only if DNS server is a writeable domain 
controller) 


< Back 

Next > 


Cancel 
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5. Give the name of primary zone (Msn.com) click Next. 

6. Give the IP address of primary zone Ex: 10.0.0.1-^click Next. 


New Zone Wizard 


Master DNS Servers 

The stub zone is loaded from one or more master servers. 



Specify the DNS servers from which you want to load the zone. A stub zone is 
loaded by querying the zone's master server for the SOA resource record, the NS 
resource records at the zone's root, and glue A resource records. 


Master Servers: 



< Back 


Next > 


1 

' 

J 


Cancel 


7. Click Next Finish. 


8 . 


Refresh the stub zone and verify for records. 


& 


DNS Manager 


File Action View Help 

* fi[H A 3 o, a| □ rn| i g g 


i* 

j 


DNS 
1 SYS2 

t> UJ Global Logs 
• £ Forward Lookup Zones 
0 yahoo.com 
j MSN.COM 


Name 

FKsame as parent folder) 
Q(same as parent folder) 


Type 

Start of Authority (.. 
Name Server [NS) 


V —l Reverse Lookup Zones 

l> A Trust Points 

t> fl Conditional Forwarders 


Data Timestamp 

[3], sysl.microsoftco.. static 
sysl.microsoftcom static 
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Lab - 53: Creating Active Directory Integrated Primary DNS Zone 


Objective: 

To create and troubleshoot active directory integrated DNS zones 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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Steps: 

1. Go to Start, select DNS. 

2. In the DNS dialog box, expand the DNS server's name in the left pane, right click Forward 
Lookup Zones -^select New Zone 

3. Click Next-> Accept the default option of "Primary Zone" and Select the check box for "Store 
the zone in Active Directory"-^ click Next. 


New Zone Wizard 

X 

Zone Type 

The DNS server supports various types of zones and storage. 




Select the type of zone you want to create: 


(#) jPrimarYZonei 

Creates a copy of a zone that can be updated directly on this server. 

Q Secondary zone 

Creates a copy of a zone that exists on another server. This option helps 
balance the processing load of primary servers and provides fault tolerance. 

0 Stub zone 

Creates a copy of a zone containing only Name Server (NS), Start of Authority 
(SOA), and possibly glue Host (A) records. A server containing a stub zone is 
not authoritative for that zone. 

0 Store the zone in Actve Directory (available only if DNS server is a writeable domain 
controller) 


< Back 

Next > 


Cancel 


4. 


In AD Zone Replication Scope, Select the 


"To all DNS servers in Active directory 


domain"“^click Next. 


New Zone Wizard 

X 

Active Directory Zone Replication Scope 

You can select how you want DNS data replicated throughout your network. 

i* 



Select how you want zone data replicated: 

0 To all DNS servers running on domain controllers in this forest: Microsoft.com 

(#)To all DNS servers running on domain controllers in this domain: Microsoft.com 

QTo all domain controllers in this domain (for Windows 2000 compatibility): 
Microsoft.com 

QTo all domain controllers specified in the scope of this directory partition: 

v 


< Back 

Next > 


Cancel 
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5. Give the Zone Name same as the Domain Name (Ex: Microsoft. com) ; click Next. 


New Zone Wizard 

*1 

Zone Name 

What Is the name of the new zone? 

.1 



The zone name specifies the portion of the DNS namespace for which this server is 
authoritative. It might be your organization's domain name (for example, 
microsoft.com) or a portion of the domain name (for example, newzone.microsoft.com). 
The zone name is not the name of the DNS server. 


Zone name: 
Microsoft.com 


< Back 


Next > 


Cancel 


6. Select "Allow only secure and dynamic update"-^ click Next Finish. 


New Zone Wizard 


X 


Dynamic Update 

You can specify that this DNS zone accepts secure, nonsecure, or no dynamic 
updates. 



Dynamic updates enable DNS client computers to register and dynamically update their 
resource records with a DNS server whenever changes occur. 

Select the type of dynamic updates you want to allow: 


(S) jAllow only secure dynamic updates (recommended for Active Directory)! 
This option is available only for Active Directory-integrated zones. 


C Allow both nonsecure and secure dynamic updates 

Dynamic updates of resource records are accepted from any client, 
a This option is a significant security vulnerability because updates can be 
^ accepted from untrusted sources. 


O E>o not allow dynamic updates 

Dynamic updates of resource records are not accepted by this zone. You must 
update these records manually. 


< Back 

Next > 


Cancel 
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Verification: 


1. Verify for the Service records in Microsoft.com zone. 

NOTE: Service records are available only for the zone with the domain name. 

2. In DC by default the service records are created in the DNS server in the zone with domain 
name. 


DNS Manager 1—0 

File Action View Help 


+ #1 a[oj X E3 d B ml l 

n ^ 




a DNS 

a a SYS1 

a j Forward Lookup Zones 
p 9 MSN COM 
i> 0 Yahoo com 
. Microsoft.com 
t a Reverse Lookup Zones 
l> a Trust Points 

Name 

a .msdes 

3 .sites 

~ _tcp 

_udp 

E DomamDnsZones 

a ForestDnsZones 

Type 

Data 

Timestamp 

( □ Conditional Forwarders 

i i(same as patent (older) 

Start of Authority (.. 

[27], sys1.microso(tc... 

static 

i itl Global Logs 

1 1 (same as parent (older) 
□ (same as parent (older) 
Clsyst 

Name Server (NS) 

Host (A) 

Host (A) 

sysl microsoftcom. 

100 at 

10.00.1 

static 

1/29/201 3 70000 . 

static 


Note: To get the missing records restart the services Netlogon and DNS Server. 


3. Go to Start, type Services in Search Apps, and select Services 

4. Right click Netlogon and click Restart, Right click DNS Server and click Restart. 


bfrvKfS 


_ D X 


File Action View Help 

«■* sj I <3 j B 2 


II l» 


Services (Loca 


Services (Local) 

Netlogon 

Stop the service 
Pause the service 
Restart the service 


Description: 

Maintains a secure channel 
between this computer and 
the domain controller tor 
authenticating users and 
services. It this service is 
stopped, the computer may 
not authenticate users and 
services and the domain 
controller cannot register 
DNS records If this service is 
disabled, any services that 
explicitly depend on it will 
fail to start. 


Name 

• : NetTcp Port Sharing . 

a 

Network Access I 
; Network Connec 
Network Connec 
„ Network List Setsi 
Network locatic 
Network Store In 
Optimize drives 
Performance Coe 
Performance Log 
..Plug and Play 


Description 
Provides ab.„ 


Status 


Start 

Stop 

Pause 

Resume 


Restart 

ZJ 

unning 

All Tasks 

» 

unning 

Refresh 


Properties 

Help 



Enables a e~ 
Portable Device Enum- Enforces gr... 
Power 

Print Spooler 
Printer Extensions and... This service ... 
Problem Reports and ... This service ... 
Remote Access Auto ... Creates a c~ 
Remote Access Conne... Manages di. 
Remote Desktop Cont... Remote De. 

• Remote Desktop Servi .. Allows user... 
Remote Desktop Servi. . Allows the r_ 


Manages p_ 
This service . 


Startup type 
Disabled 


Log On As 

Local Servi.., 


unning Automatic Local Syst 


Running 

Running 

Running 


Manual 

Manual 

Manual (Trig... 

Manual 

Automatic 

Automatic 

Manual 

Manual 

Manual 

Manual 

Manual (Trig.. 

Automatic 

Automatic 

Manual 

Manual 

Manual 

Manual 

Manual 

Manual 

Manual 


Network S. 
Local Syst. 
Local Syst. 
Local Servi 
Network S 
Local Servi 
Local Syst. 
Local Servi 
Local Servi 
Local Syst. 
Local SysL 
Local Syst 
Local Syst. 
Local SysL 
Local Syst. 
Local SysL 
Local SysL 
Local Syst. 
Network S 
Local Syst. 


'.Extended Standard / 


Stop and Start service Netlogon on Local Computer 
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Lab - 54: Conditional DNS Forwarders 


Objective: 

To configure conditional DNS forwarders 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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Steps: 


1. In SYS1 create a zone with the name Ex: MCITP.COM with host and alias records. 

2. In SYS1 open the command prompt and type ping www.MCITP.COM 

3. There will be a reply from 10.0.0.1 

4. In SYS2 assign the IP Address and Preferred DNS as 10.0.0.2 

5. In SYS2 open the command prompt and type ping www.MCITP.COM 

6. There will not be any reply because the information is in 10.0.0.1 

7. If SYS2 has to resolve the query then configure forwarders in SYS2 properties. 

8. Go to DNS dialog box in SYS2-> Right click conditional forwarders -^select New conditional 
forwarders 


DNS Manager 


1 - 1 “ 


File Action View Help 

fifej & & u -n? IBU 


DNS 

1 SYS2 

v U Forward Lookup Zones 
l- fi Reverse Lookup Zones 
l> S Trust Points 

Name 

l 3 Conditional Forwarders 

v tel New Conditional Forwarder... 

View 


Refresh 


Export List... 


Help 


Type 


There are no items to show in this view. 
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9. Mention the DNS Domain as MCITP.COM and add the IP address of primary zone. 



10. In SYS2 open the command prompt and type ping www.MCITP.COM 

11. There will be a reply from 10.0.0.1 

Note : Only MCITP.COM names can be resolved with the above process. 
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Lab - 55: DNS Forwarders 


Objective: 

To configure DNS forwarders 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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Steps: 

1. In SYS1 create a zone with the domain name Ex: Microsoft.com with host and alias records. 

2. In SYS1 open the command prompt and type ping www.Microsoft.com 

3. There will be a reply from 10.0.0.1 

4. In SYS2 assign the IP Address and Preferred DNS as 10.0.0.2 

5. In SYS2 open the command prompt and type ping www.Microsoft.com 

6. There will not be any reply because the information is in 10.0.0.1 

7. If SYS2 has to resolve the query then configure forwarders in SYS2 properties. 

8. Open DNS in SYS2 -> Right clickSYS2->select properties -^select forwarders ->click Edit. 

9. Mention the IP address of primary zone -> click OK click OK. 



In SYS2 open the command prompt and type ping www.Microsoft.com 


11. There will be a reply from 10.0.0.1 
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Lab - 56: DNS Root Hints 


Objective: 

To verify DNS root hints 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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Steps: 


1. Root hints contain the information of 13 root servers 

2. Open DNS Right click the system name -^select Properties -^select Root Hints 


SYS1 Properties 


Debug Logging | Event Logging | Monitonng 

] Security 

Interfaces | Forwarders | Advanced 

Root Hints 


Root hints resolve queries for zones that do not exist on the local DNS 
server They are only used if forwarders are not configured or fail to 
respond. 


Name servers: 



OK 


Cancel 


Apply 


Help 
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Lab -57: DNS Cache 


Objective: 

To view and clear the DNS cache 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server. 


Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller / DNS Server 

IP Address 10.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


Member Server / DNS Server 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 
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Steps: 

1. To see the information present in the cache type the command 

"Ipconfig /displaydns" 

2. To clear the cache information type the command 

"Ipconfig /flushdns” 

m Administrator C:\Windows\system32\cmd.exe 


lie i*o soft Windows tUersion 6.2.9206] 

<c> 2012 Microsoft Corporation, fill rights reserved. 
C : NUs ersVAdmin ist rat or> ipconfig /f lushdns 
Li in do us IP Configuration 

Successfully flushed the DNS Resolver Cache. 

C : SUs e rs \ Adn in is t r at o r >_ 
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Lab - 58: Installing and Configuring Internet Information Services 


Objective: 

To create a website and host it using IIS 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or Windows 7. 


Topology: 


MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller/DNS/Web Server 

Member Server 

/ Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Installing Internet Information Services - Web & FTP Server 

SYSl- CONFIGURATION 

1. Click Server Manager. 



2. In the Server Manager Dashboard - ^ select Add roles and features. 

&b Server Manager | — O | X 


Dashboard 


» (5) | Manage look View Help 


Dashboard 


| Local Server 
■i All Servers 

rgi ADDS 

£ DNS 

■5 File and Storage Services > 


WELCOME TO SERVER MANAGER 



Configure this local server 

QUICK 57 ART 



2 Add roles and features 


3 Add other servers to manage 

WHAT'S NEW 



4 Create a server group 


Hide 

LEARN MORE 



ROLES AND SERVER GROUPS 

Roles: 3 | Seiver groups: 1 | Servers total: 1 


I|i ADDS 

1 

DNS 

1 

© Manageability 

© Manageability 
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3. 


In Before you begin page, click Next 


Add Roles and Features Wizard 


L-MJ 


Before you begin 


DESTINATION SERVER 
sysl Microscft.com 


Before You Begin 


Instei ation Type 
Server Seedier 


This wizard helps you install roles role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

• The Adminrstrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard complete the steps, and then run the wizard again. 

To continue, dick Next 


□ Skip this page by default 


< Previous [ Next > ; Install | Cancel 

4. Select Role-based or feature-based installation, click Next. 


Add Roles and Features Wizard 


- 01 


Select installation type 


DtSTINArON SERVER 
5ysr.Mi<rosofuom 


Be'ore Yhu 2^air Select the installation type. You can install roles and features on a running physical computer or virtual 

machine, or on an offline virtual hard disk (VHD). 


Installation Type 


* Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 

Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


< Previous 


Next > 


Install 


Cancel 
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5. Select a server (sysl.Microsoft.com) from the server pool and click Next. 


Add Roles and Features Wizard 


- O lx 


Select destination server 


DESTINATION SERVER 
sysl. Microsoft 43001 


Before ton Begin 
Installation Type 


Server Selection 


Server Roles 
Features 


Select a server or a virtual hard disk on which to install roles and features. 

• Select a server from the server pool 
Select a virtual hard disk 


Server Pool 


Filter 




Name 

IP Address Operating System 

sysl. Microsoft com 10.0.0.1 Microsoft Windows Server Z01Z Standard F valuation 


1 Computers) found 

This page shows seivers that are running Windows Server 2012. and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


< Erevious 




Caned 


6. In select server roles, check the box Web Server and click Next. 


Add Roles and Features Wizard 


- a X 


Select server roles 


DESTINATION SERVER 
sysl. Microsoft xen 


Before tou Begin 
Instal atior Type 
Server seecaor 



Features 

Web Server Role (115) 


Role Services 

Confirmation 


Select one or more roles to install on the selected server. 

Roles 


l~1 Active Directory Lightweight Directory Services 

□ Active Directory Rights Management Services 

□ Application Server 

□ DHCP Server 

M DNS Server (installed) 

I I Fax Server 

> M file And Storage Services (installed) 

Q Hyper-V 

□ Network Policy and Access Services 
FI Print and Document Services 

7] Remote Access 
1 Remote Desktop Services 
l~| Volume Activation Services 


’et> Server 0IS1 


□ Windows Deployment Services 
[7 i Windows Server Update Services 


Description 

Web Server (US) provides a reliable 
manageable, and scalable Web 
application infrastructure. 


< Erevious 




Install 


Cancel 


7. In Add required features for Web Server (IIS), click Add Features. 
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8. In select features, click Next. 


Add Roles and Features Wizard 


Select features 


DESTINATION SERVER 
sysl.Ma050R.com 


Before tou Begin 
Installation ”ype 
Server Selection 
Server Rotes 


Features 


Web Server Role (US) 
Role Services 
Confirmation 


Select one or more features to install on the selected server 
Features 



Description 

JMET Ftamework 3.5 combines the 
power of the NET Framework 2.0 APIs 
with new technologies for building 
applications that otter appealing user 
interfaces, protect your customers' 
personal identity information, enable 
seamless and secure communication 
and provide the ability to model a 
range of business processes 


< Previous 




install 


Cancel 


9. Click Next. 


Add Roles and Features Wizard 


l- °l 


Web Server Role (IIS) 


DESTINATION SERVER 
sy5l.MKro50A.cofn 


Before *ou Begin 
Installation T ype 
Serve' $e ectior 


Web servers are computers that let you share information over the Internet or through intranets and 
extranets. The Web Server role Includes Internet Information Services fllS) 8.0 with enhanced security, 
diagnostic and administration, a unified Web platform that integrates IIS 8.0, ASP.NET. and Windows 
Communication Foundation. 


Server Roes 

Features 


Web Server Role (US) 


Role Services 
Confirmation 


Things to note 

* Using Windows System Resource Manager (WSRM) can help ensure equitable servicing of 
Web server traffic, especially when there are multiple roles on this computer. 

* The default installation for the Web Seiver (IIS) role includes the installation of role services 
that enable you to serve static content, make minor customizations (such as default 
documents and FfTTP errors), monitor and log server activity, and configure static content 
compression. 


More information about Web Server IIS 


< Erevious 


LM>J 


Install 


Cancel 
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10. Check the box HTTP Redirection, under Common HTTP Features. 




Add Roles and Features Wizard 


L -°M 


Select role services 


DESTINATION STIVER 
sysIMicrosofLcom 


Before Mou Begir 
Installation Type 
Server Selection 
Server Roles 
Features 

Wee Server RcSe (US ■ 


Role Services 


Confirmation 


Select the role services to install for Web Server (IIS) 
Role services 

a 0 Web Server 

a 0 Common HTTP Features 
3 Default Document 
3 Directory Browsing 
3 HTTP Errors 
3 Static Contenr 


ITTP Redirection 


I I WebDAV Publishing 
a 0 Health and Diagnostics 
3 HTTP Logging 
Q Custom Logging 
I I Logging Tools 
□ ODBC Logging 

0 Request Monitor 

1 | Tracing 

a 0 Performance 


Description 

HTTP Redirection provides support to 
redirect user requests to a specific 
destination. Use HTTP redirection 
whenever you want customers who 
might use one URL to actually end up 
at another URL. This is helpful in many 
situations, from simply renaming your 
Web site, to overcoming a domain 
name that is difficult to spell, or forcing 
clients to use a secure channel 


| < Previous | | Next > Install j | Cancel 

11. Check the box FTP Service, under FTP Server. 


r. 


Add Roles and Features Wizard 


Select role services 


DESTINATION SERVER 
sysl. micros cft.com 


Before Teu Eegin 
nsiallatlcr ~ype 
Server Selection 
Server Roles 
Features 

‘.e- 5 


Rote Services 


Confirmation 


Select the role services to install tor Web Server (IIS) 


Role services 

a 3 Webserver 

3 Common HTTP Features 

3 Health and Diagnostics 

P 3 Performance 

0 Security 

1 I Application Development 


FTP Server 


0 FTP Service 
Cl FTP Extensibility 
I I IIS Hostable Web Core 
a 3 Management Tools 

0 IIS Management Console 

1 I IIS 6 Management Compatibility 
l~~) IIS Management Scripts and Tools 
O Management Service 


Description 

FTP Server enable* the transfer of 
file* between a client and server by 
using the FTP protocol Use^s can 
establish an FTP connection and 
transfer f les by using an FTP client 
or FTP-enahled Web browser. 


< Previous 


* ext > 


Install 


Cancel 
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12. Check Restart the destination server automatically if required and click Install. 



13. Select Complete DHCP configuration. 


Fa Add Roles and Features Wizard 

Installation progress 



DEST1NM10W S£=VI* 
sysl micros©* con- 


Hesclts 


Vic.s insta lation pragrc:: 
Feature installation 


Installation succeeded on sysl micrssofttom. 

Web Server (IIS) 

FTP Seiver 
FTP Service 
Management Tools 

IIS Management Console 
Web Set vet 

Common HTTP Features 

Default r\r»rt mont 

You can close this wizard without interrupting running tasks. View task 
progress or open this page again by clicking Notifications in the command 
bar, and then Task Details. 

Export configuration settings 


1 . i . ' . — J - . . 

Unit > Close Cancel 
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Creating a Web Site 

1. Go to Start, select Internet Information Services Manager. 


Start 



Administrator ^ 


T 

ft 


w 

*F ? 

Server Manager 

Windows 

PottCfSholl 

AdminuLiafoe 

Took 

Actwe Directory 
ukers arvd- 

Active Directory 
Module for- 

File Server 

Resource- DHCP 


* 

if 

m 

% 

Computer 

Ta:k Manager 

Act we Directory 
Sites and- 

Active Directory 
Domains and- 

Internet. 

information.- 

W 

0 

■ 

R 


Centre! Panel 

Internet Explorer 

Active Directory 
Administrate.. 

ADSI Edit 




fi 

e 

■ 


Desktop 


Group Pokey 
Management 

DNS 








2. In the left pane of the Internet Information Services, Expand the server Right click on sites 
and select Add Web Site. 


ft 

Internet Information Sen/ices (IIS) Manager 

— 

ai ! x 

- ► SVS1 » Sites ► 

uj 

*i w - 

Rle View 

Help 




Connections 

«- U 123 IK 


W C Sites 


^ Start Page 

SYS1 (MICROSOFT\Administiator) 
i-iD Application Pools 
•* * Sites 


Filter. 


Name ID 

® Default Web- 1 



' Go Show All | Group by: 
Status 8mding 
Started (.. ‘:80 (http) 


P. 

% 


Actions 

Ot Add Website- 

Set Website Defaults- 
*> Help 

Online Help 


Ready 


< ill 


• Features View . Content View 


> 


% 
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3. Add Web Site wizard opens In the Site name type a Name for the Website Ex:YAHOO.COM 



4. In Physical path, browse and select the location of Home Directory (webpage) 



5. Select one IP address (10.0.0.1) from the drop-down list. 
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6. Specify the Host name Ex: WWW.YAHOO.COM & click OK. 



7. Web Site will be successfully added. 


Adding the Default Document for the website 

1. Open IIS expand sites -^select website right click and select Explore. 


V Internet Information Services (IIS) Manager 

— 

O x 


• ► SYS1 ► Sites ► Yahoocom ► 

u> w - 


File View Help 

Connections 

<T u a i* 

% Start Page 

[ ‘ S SY51 (MICROSOEHAdministrator) 
Application Pools 
a £ Sites 

I' 9 Default Web Site 

I -d Yal)fiSL£Qm_ 


Explore 

Edit Permissions. 


Add Application.. 

Add Virtual Directory.. 
Edit Bindings.. 


Manage Website 


Yahoo.com Home 

• 'Go Show All I Group by: 


Filter 

IIS 

A -3 

Autnentica .. Compressi 


O 

Default 


m a 

Directory Error Pages 


to Refresh 
X Remove 
Rename 
... Switch to Content View 


Document Browsing 


£) 

indler 

ppings 

)dules 


wnp 

Redirect 

** 

Output 

Caching 


HTTP 
Respon.. 

Request SSI Settings 
Filtering 


i & 

logging MIME Types 


3 


inagement 


figure 

Editor 


Features View : Content View 


Actions 

6 > Explore 

Edit Permissions. 


Edit Site 

Bindings.. 

1-1 Basic Settings. 

View Applications 
View Virtual Direcfones 

Manage Website a 

2 Restart 

» Start 

■ Stop 


Browse Website 

. ... Browse wwsv.yahoo com 
on 10.0.0.1:80 (http) 
Advanced Settings.. 

Configure 

limits— 

© Help 

Online Help 


Ready' 




2. Select the Webpage Right click & select Rename-^ Copy the webpage name 
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In IIS “^expand sites select website - ^ Open Default Document feature. 



Internet Information Services (IIS) Manager 

L 

_jo|x 


d ► SYS1 ► Sites ► Yahoo.com * 

u> tt - 

Erie View 

help 




w ■ 


Connections 


a ib*. 


Stan Page 

- «i SYS1 (MIC ROSOf ^Administrator ) 
Application Pools 

‘ m. Sites 

t • Default Web Site 
p-O Yahoo.com 


^ Yahoo.com Home 

filter. - '' Gc Show All | Group by: 


IIS 


1 1 ■& 

Aulhenlica.. Compressi.. 


«£) 

Handler HTTP 

Mappings Redirect 

41 ** 

Modules Output 

Caching 

Management 


Configura- 

Editor 


ffl 


Default j Directory Error Pages 
Document j Browsing 


Open feature 


jX Explore 

Edit Permissions... 
Bindings.. 

□ Basic Settings 
View Applications 
View Virtual Directories 


Manage Website 
» Help 

Online Help 


Actions 


Open Feature 
£L Explore 

Edit Permissions- 
Edit Site 

Bindings. 

S Basic Settings- 


View Applications 
View Virtual Directories 

Manage Website ■» 

2 Restart 

* Start 

■ Stop 

Browse Website 

.j. Browsewvw.yahoo.com 
cm 100.0180 (http) 
Advanced Settings.- 
Con figure 

Limits.. 
t> Help 

Online Help 


Click Add, Mention (Paste) the html file name (with Extension of file) 


Ex:Yahoo!.htm ->click OK. 



Enable Directory Browsing for the web site 

1. Open IIS expand sites and select the website (YAHOO.COM) 


*t Internet Information Services (IIS) Manager 

-OX 

9 ► SYS1 ► Sites » Yahoo com ► 

W) « * 

File View Help 


Connections 

SJ Directory Browsing 

Alerts 

Ml- |.J « ss 

Q) Directory browsing 

•l Starr Page 

x SYS1 (MtCROSOFT\AdministratOf) 

Use this feature to specify the information that displays m a directory 

has been disabled 

listing. 

Actions 

• ki Application Pools 

3 jime 

x j] Sites 

3/ Apply 

i 9 Default Web Site 

i3 Size 

He Can ert 

i 9 Yahoo.com 

51 Extension 

V Date 

fnahe 

9 Heip 


H long date 

Online Help 


2. Open Directory Browsing Feature click Enable, (on Actions pane) 
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DNS Configuration for the Website 

1. Go to Start, select DNS 


Start 




Administrator ^ 

L 

V 

ft 

a- 

T 

ofc * 

_n_ 

Saver Manager 

Window* 

PuweiStel 

Administrative 

Touts 

Active Directory 
then and.- 

Active [> rectory 
Modufcfar.. 

Me Saver 

Resource.. DHCP 

Q 



if 

rf) 


Computer 

Task Mraqct 


Active Directory 
Sites and. 

U live Directory 
Domains and.. 


W 1 

\b 



V 


Control Parel 

'nemet ora 


Active Directory 
Admin*«tratme. . 

AOSI Edt 





m 

* 






JL 


Desktop 

>■■■ ■■■ 


Group Poky 
Management 

DNS 













> 1- 


2. Select Forward Lookup Zone Right click select New Zone 


DNS Manager | — 3 x 


DNSSEC Status Key Master 
Not Signed 
Not Signed 


Create a rtew zone. 


File Action View Help 

*<4| sl s a| a a| i @3 

1 DNS 
■* | SYS1 

t> 13 Forward Lookup Zones 
t> S Reverse Lookup Zones j 
HI Trust Points 
t 1 Conditional Forwarder 
t> iJ Global Logs 


Name 

m .msdcs-MicrosofLcom 

. I Mirrncnft rnqi 

New Zone 


Type Status 

Active Directory-lntegra... Running 
Active Directory-lntegra... Running 


View 
Refresh 
Export List- 
Help 
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3. Create a new primary zone in Forward Lookup Zone and mention the website Domain Name 
(Ex:YAHOO.COM) 


New Zone Wizard 


1*1 


Zone Name 

what is the name of the new zone? 



The /one name specifies the portion of the DNS namespace for which this server is 
authoritative. It might be your organization's domain name (for example, 
microsoftcom) or a portion of the domain name (for example, nesvzo ne . mi c roso ft. com). 
The /one name is not the name of the DNS server 


Zone name: 
^ahoo.com 


< Back | Nr 


N«Xt > 


cancel 


4. Select the zone Right click select New Host 


& 


DNS Manager 

L-JO| x 

File 

Action View Help 



• -V 

&|in| xii a at U t*| i P 3 




A DNS 
* j SYS1 

■* St Forward Lookup Zones 
i> 01 _msdcs Microsoft com 
if 0 Microsoft.com 


Name Type 

0 (same as parent folder) Start of Authority (... 
y (same as parent folder) Name Server (NS) 


Data 

(11. sysl.microsoftco.. 
sysl microsoftcom 


s 


v 

!■ jj Git 


0 Yahoo .com 

i- □ Re update Server Data File 
Reload 

New Host (A or AAAA)... 
New Alias (CNAME)- 
New Mail Exchanger (MX)... 
New Domain... 

New Delegation- 
Other New Records... 
QNSSEC 
All Tasks 
View 
Delete 
Refresh 
Export List- 
Properties 
Help 


Create a new host resource record. 
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5. Mention the Web Server name and IP Address ->Add Host ->OK -^Done. 


New Host 


Name (uses parent domain name if blank): 


SYS1 


Fully qualified domain name (FQDN): 


SYSl.Yahoo.com. 


IP address: 


10.0.0.1 


n Create associated pointer (PTR) record 


Add Host 


Cancel 


6. Select the zone Right click select New Alias & Create an Alias (E.g: www) for the host, which 
you specified in the host header for the site -> click OK. 


New Resource Recoid 


Alias (CNAME) 


Alias name [uses parent domain f left Wank): 





OK 


cancel 
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Verification: 


1. Open Internet Explorer or any browser and access the website 


Qi 


- 1 0 | X 


@ I— 07 . '.yahoo.com 


P - 86 


(J Yahoo! 


Mnkf> Yahoo! your homi* pnqe 

ft 

Finance Music Shopping 



Gat Yahoo! Toolbar with Anti- Spy 

Mail My Yahoo! Messenger 


Select Search Category 

Web 

images Directory | News Products 




Search the Web: 


Yahoo! Search | ; &££** 





Yahoo! Small Business - Get a domain for S9 95/yr., Build a web site, Open an online store 


Free mail sign up 


Mail status: Sign In 


Autos 

Chat 

Finance 

Games 

GeoCities 

Groups 

HoaKti 


Horoscopes 

HoUobs 

Kids 

Mail 

Maps 

Messenger 

Mobile 


Movies 
Music 
My Yahool 
Nows 

People Search 

Personals 

Photos 


Real Lstate 

Shopping 

Sports 

Travel 

TV 

Yellow Pages 

All V! Services... 



Yahoo! Autos 

Free Price Quotes, car Insurance, 
flew Car Guide, Sedans, More... 


• Suicide bomber clashes in Iraq kill 27 
•Kmart to acquire Sears inSII biBiondeal 

• House GOP changes rules to protect DeLay 

• Democrats guestion Kerry's campaign funds 

• More than 100,000 children in foster care 

• Melting glaciers said threatening Everest 

• Disney relaunches Muppets on web site 

• NBA Soccer MLB Nf-L • NCAA Hoops 

Sports • Stocks • News • Elections 


Local Weather 


Enter U S. City or Zip Code 




V 
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Lab - 59: Configuring redirection of Websites 


Objective: 

To redirect requests from one website to another 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or Windows 7. 


Topology: 


MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller/DNS/Web Server 

Member Server 

/ Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Go to Start select Internet Information Services Manager, 

2. Create two websites, Ex:YAHOO.COM and MICROSOFT.COM 

3. If YAHOO has to be redirected to MICROSOFT then Select YAHOO.COM -^Open HTTP Redirect 
feature 



internet Information Services (IIS) Manager 

_ a 

X 

d * SYS1 * Sites ► Yahoo.com ► 

U) 

i* - 

File View 

Help 




Connect ions 


a * 

. tfj Start Page 

■* ’’a SYS1 !MICROSOFT\Admimstiatof I 
ju) Application Pools 

- .<f Sites 

t O Default Web Site 
t 9 Vahoo.com 
t # Microsoft.com 


H 


Ready 


V* Vahoo.com Home 

. P Go - Show All l Group by 


Filter 

IIS 

JL 'S 

Authentica. Compressi.. 


f3 D 


‘v*’ 

HTTP 

Redirect 


♦a ) 

Handler 
Mappings 

4 f 

Modules Out p U 

Cach in 

Management 


Configura. 

Editor 


O 

Default Directory Error Pages 
Document Browsing 
a- 


Hnp 

Respon. 


tl 

Logging MIME Types 


li> 


Open Feature 
Explore 

Edit Permissions.. 


Bindings ... 

Basic Settings .. 

View Applications 
View Virtual Direnories 

Manage Website 


& 


Help 

Online Help 


Features View . Content View 


Actions 

Open Feature 


iX Explore 

Edit Permissions-. 


Edit Site 

Bindings. 

@ Basic Settings.. 


View Applications 
View Virtjal Directories 


Manage Website «. 

Z Restart 

► Starr 

■ Stop 

Browse Website 

_ Browse www yahoo com 
* on 10.0.0.1:80 Chttp) 
Advanced Settings. 


Configure 

Limits.. 


O Help 
Online Help 
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4. Select the check box Redirect requests to this destination give the destination as 
http://www.MICROSOFT.com and click Apply in the actions Pane. 



Internet Information Services (IIS) Manager — 3 |x 


9 ► SYS1 ► Sites ► Yahoo.com ► 

ai ’-| U - 


£ile J£iew He<P 


Connections 

I ft 

% Start Page 

-* SYS! (MICROSOH\Administiatof) 
j Q Application Pools 
• ifi Sites 

i 9 Default Web Site 
r 9 Yahoo.com 
v 9 Microsott.com 


M HTTP Redirect 

Use this feature to specify rules for redirecting incoming requests to 
another file or URL. 

* Redirect requests to this destination: 
http://www.M icro so ft.com 
Example http://wwwcontoso.com/safes 


Actions 

& Apply 
IgrCancel 

Save the current changes. 

Online Help 


Redirect Behavior 

□ R£direct all requests to exact destination (instead of relative to destin. 

Cl Only redirect requests to content in this directory (not subdirectories) 
Status code: 

found (302) v 


< r in [ > 

1 2 Features View ■ Content View 


Configuration: Yahoo.com' web.config 




5. Open Internet Explorer or any browser and access Yahoo (www.yahoo.com) and it will be 
automatically redirected to MICROSOFT (www.MICROSOFT.com). 






C J )| & Ml - : i w.vw rnkrosoft.com 


P’C ^ Microsoft India I Devi. 



Products- Downloads- Support- Security: Shop: 


4 Windows Phone 

Beautifully designed, 
uniquely yours 

Meet the phone for you 


Discover 


For Home 


For Work 


Windows 

Office 

Windows Phone 
Xbox 

ClninA 



Download the latest browser for 
Windows. 


Work easy. Play hard. Learn more 
about Windows 8. 


Office 36S Home Premium Is 
available when and where you 


v 
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Lab - 60: Creating Virtual Directory 


Objective: 

To configure webpage access via Virtual Directory 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or Windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller/DNS/Web Server 

Member Server 

/ Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 

1. Go to Start, select Internet Information Services Manager. 

2. Expand the system name, Select the Web Site (Yahoo) for which you want to create Virtual 
Directory Right click and select Add Virtual Directory. 


s f 

Internet Information Services (IIS) Manager 

^JO| X 

Q > SYS1 ► Sites 

► Yahoo.com ► 

m n - 

File View Help 



Connections 


Actions 

W- * b> 

Yahoo.com Home 

I A i Explore 


r-®5 Start Page 

-< *>i SYS1 (MICROSOFT\Administrator) 
J2 Application Pools 
* .«J Sixes 

v 9 Default Web Site 

t> i# Yahoo mm 


Fitter 

IIS 

jl ■a 

Authentica.. Compressi . 


'Go - 15 Show Alt Group by: 


m "5i 

Directory Error Pages 


Edit Permissions. 

Edit Site 

Bindings... 


Explore 

Edit Permissions. 


! 


® Add Apphcaboa.. 


Add Virtual Directory.. 
Edit Bindings- 


er 

igs 


Manage Website 

Refresh 

Remove 

Rename 


Switch to Content View 


ZL 


► les 


HTTP 

Redirect 

Output 

Caching 


O 

Default 
Document Browsing 

* fel in 

HTTP 
Respcn. 


AT 


Logging MIME types 

a 


Request SSL Settings 
Filtering 


lement 


Si Basic Settings- 
View Applications 
View Virtual Diredones 

Manage Website w 

2 Restart 

► Start 

■ Stop 

Browse Website 

Browse www.yahoo.com 
on 10,0.0.1:80 (http) 
Advanced Settings- 

Configure 

limits- 

O Help 

Online Help 


Editor 


Features View . Content View 


Ready 


3. Specify the Alias name to the Virtual Directory (Ex: mail), and Browse to select the physical 
path Ex:(D:\Yahoomail) -^click OK. 


Add Virtual Directory 


? 


x 


Site name: Yahoo.com 
Path: I 


Alias: 

mail 

Example: images 
Physical path: 

EAWeb Pages\ YAHOO MAIL 


Pass-through authentication 


Connect as... 


Test Settings. 
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4. Virtual Directory will be created. 



Internet Information Service? (IIS) Manager 

» 5Y51 ► Sites ► Vahoo.com » mail > 



File View Help 


Connections 








IP b> 

man nome 





Start Page 

j SYS1 (MICROSOFT\Admi nistrator) 

J Application Pools 
a 4 Sites 

► © Default Web Site 
* © Yahoo.com 
►ta) mail 

Eilten 


» 

■ Go • Oi Show 611 Group by 

i. 

IIS 

3 ?> 51 

Authentic a. .. Compressi.. 

© 

Default 

Document 

S3 

Directory 

Browsing 

QD 

Error Pages 

A 

h-U Yar 

Explore 



1& 

HTTP 


u 

Loaning 

MIME Types 




Edit Permissions. 


» 

HTTP 



9 

£ 

Convert to Application 

Add Application. 

Add Virtual Directory. 

gs Redirect 

Respon.. 

4 

SSL Settings 





Manage Virtual Directory • 

Caching 

Filtering 




ui 

X 

Refresh 

Remove 


NMflt 








Switch to Content View 










uumiyuia.. 

Editor 






<1 

III 

: _i> 

1 ?! Features View 

. Content View 


Actions 

H Deplore 

Edit Permissions.. 

S Basic Settings. 

Manage Virtual 
Directory 

Browse Virtual 
Directory 

_ Browsewwwyahoo.com 
on 10.0.0.1:80 (http) 

Edit Virtual Directory 

Advanced Settings... 

© Help 
Online Help 


Ready 




5. Add the Default Document for the Virtual Directory ->OK 


|T 4 

Internet Information Services (IIS) Manager 

- 

01 

* 

©T 

* SY51 ► Sites ► Yahoo.com * mail ► 

sn 


© * 


Pile View Help 


Connections 

K*UI» IK 

: *1 Start Page 

-■ “j SYS1 (M I CROSOFTVAdm i nistrator) 
& Application Pools 
‘ 4 Sites 

l' © Default Web Site 
* © Yahoo.com 
t- mail 
v -3 Yahoo! hies 


mail Home 

Filter. * 

IIS 

& 5i 

Authentica... Compressi.. 


<£) 

Handler 


- 

http 


Mappings Redirect 

H 


Modules 


JK 

Output 

Caching 


Management 


Conhgura. 

Editor 


* Go • (Si Show All Group by. 

S3 31 

Directory Error Pages 
Browsing 



Open Feature 

a: Explore 

Edit Permissions. 

Basic Settings 


Manage Virtual Directory 


© Help 

Online Help 


?! Features View It _ Content View 


Actions 


Open Feature 


d Explore 

Edit Permissions . 


(3 Basi c Settings. 

Manage Virtual 
Directory 

Browse Virtual 
Directory 

. - Browsewwtv.yahoo.com 
on 10 0.0 1:80 (http) 

Edit Virtual Directory 

Advanced Settings. 


© Help 

Online Help 


Ready 


-I 
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6. To access the virtual directory specify the syntax in Internet 

http://websitename/virtualdirectorvname 

Ex: http://www.Yahoo.com/mail 



'^XHOO? MAIL 

toWaKoo! 

Login Form 

Yahoo! ID: | 

Password: 


Yahoo* Hdn 



G Remembei my ID on this computer 
Sign In ] 


Forget vour ID o« mmwowP I Help 

Don't have a Yahoo! ID? 

Signing up is easy. 

Sign Up 

One Yahoo! ID. So much fun! 


Use your single ID for everything from checking Moil to checking out Yahoo' Musk Photos. Messenger and more 



v 


Explorer 
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Lab - 61: Changing the Web Site IP address or Port number 


Objective: 

To change website IP address and port number in IIS 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or Windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller/DNS/Web Server 

Member Server 

/ Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 


1. Go to Start, select Internet Information Services Manager. 

2. Select the Web site -^click Bindings in the Actions Pane. 


3. 

4. 



Internet Information Services (IIS) Manager 

-1*1* 


9 ► SYS1 > Sites ► YAHOO.COM ► 

ui w • 


Eile View Help 


.h I * * 


Connections 


: *3 Start Page 

■< *3 SYS1 !M I CROSOf T\Adm i nistrator ) 
.2 Application Pools 
* »l Sites 

!• 9 Default Web Site 
l- 9 MICROSOFT COM 
► 9 YAHOO.COM 


Filter 

IS 


YAHOO.COM Home 

• ' >61 Show All Group by: 


£ 

4 

e 

ip 

t£ 

#’! 

Authenti.. Com pres... 

Default 

Directory 

Error 

Handler 



Document Browsing 

Pages 

Mappings 


«ifj 

u 

fr 

41 

JK 

http 

HTTP 

Logging 

MIME 

Modules 

Output 

Redirect 

Respon... 


Types 


Caching 


a 

Request SSL 
Filtering Settings 

Man»9»menr 

1 

Configur. 

Editor 


I H Features View > Content View 


a 


Actions 

ii Explore 

Edit Permissions... 

Edit Site 

Bindings.. 

0 Basic Settings.. 

View Applications 
View Virtual Directories 

Manage Website 

Z Restart 

* Start 

■ Slop 

Browse Website 

Browse 

E WWW.YAHOO.COM on 
10.0.0.1:80 (http) 
Advanced Settings... 

Configu re 

Limits.. 

Add FTP Publishing.. 

O Help 

Online Help 


Ready 


*3 


Click edit and change the IP address or port number or host name. 


If the port number is changed then the website can be accessed only by specifying the port 
number http://www.vahoo.com:port number 


ItpV/wwwyjlioo.comtSOOl/ 


' & & Yahool 



<*y *3 & "yxHoof ** « 

Hnarc« Music sKccpif q Mail My Yahoo’ Messenger 


Search Certegonr 

Senrrh the Web 


Images j Directory News Products 


1 S..r. h | . 


Free mail sign 

Autos 
Chat 
Finance 
Games 
Geo Cities 
Groups 
Health 


Yahoo! 


Yahoo! Small Business Gel a domain for $9 95/y» Build 

up Mail status: Sion In 


Hoi u scopes Movies 


HolJobs 

Kids 

Mail 

Maps 

Messenger 

Mobile 


Music 
My Yahool 
News 


Real Lstata 
Shopping 
Spoils 
Travel 


People Search TV 
Personals YeRow Pages 

PholOS All V! Service*.. 


Top 10 Gift Lists tor the Holidays 


• * 


Digit* 

Cameras 


- vV « 

- ? 

i-.,- 

Search the Web for more products: 


0 M 


«* 


Men's 

Watches 


COfTIfutM 


Running 

Irhaes 


Yahoo! Small Business 

Web H ogling Se* Online 

59.95 Domains Search Listings 


Entertainment 


Yahoo! l-eatui»d Services 

Personal Website Personals 
Live NCAA Au<4o HoUobs 

" More Entertainment 


O.C fill* bio 

Rrarr I on . VUhnf (Ho 


• Preview Thursday's new episode of The 0 C.' 

• Coin Farrel discusser. Becoming Alexander’ 

• LAUNCH Music Video Premiere Good Charlotte 

• Watch an exclusive dp from Blade Tifnlty' 


a web site Open an online alme 

Yahoo! Autos 

F(m» 9rlc«» Quotas. Car Insurance, 
Na*r Car Guide. Sadsnc, Mora 



10:36pm. Wad Mow i 


• Suicide bomber clashes in Iraq ki 27 

• Kmart to acquire Seats in S1 1 billion deal 

• House GOP changes rules to protect Delay 

• Democrats question Kerry's campaign funds 

• More than 100.000 chidien in foster care 

• Melting glaciers said threatening Everest 

• Disney relaunches Muppets on web site 

• NBA • Soccer MLB • NFL • NCAA Hoops 


Sports . Stock* • Nwswfc ■ Flection* 


Local Weathui 


Enter u.S. C«tv or Zip Code 




• Find worWwida weather 

>/\ Sa«e location on thh page 


>rlH ic canrrlitnn (nr 


Miirkt-t|»l<»< 

e 

-f 

Online degree programs 

Accredited colleges and 
universities. Associate. 

Bachelor's Masters. Postgrad 

anrl more 






V 
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Lab - 62: Creating Do not Isolate user FTP Site 


Objective: 

To host ftp site using iis 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or Windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller/DNS/Ftp Server 

Member Server 

/ Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Steps: 


Open any drive and create a folder (Ex: FTP Dir) -^Open the folder and create some files Ex: 
l.txt, 2.txt, 3.txt, 4.txt. 


1. 




Home Shore 


View 


Ftp Dir 


Copy 


□ 


Paste 


* Cut 
S3 Copy path 

m Paste shortcut 


V 'levs item *• 

• d Easy access* 

Move Copy Delete Rename Nevr 
» folder 


3 

Properties 


ij4 Open 
□ Edit 


ffl Select all 
Select none 
Invert selection 


Clipboard 


Organize 

New 

Open 

select 

© " t 

k » 

Computer ► 

New Volume (D:) 

► Ftp Dir 


v Cr 

yk Favorites 


Name 


Date modified 

Type 

Size 

■ Desktop 

J» Downloads 

!i 

0 2 


5/10/2013 10:... 
5/10/2013 10:.. 

Text Document 
Text Document 

0 KB 

0 KB 

v. Recent places 

Ll 3 

04 


5/10/2013 10:... 
5/10/2013 10;.. 

Text Document 

Text Document 

0 KB 

0 KB 


a Libraries 
*3 Documents 
Music 
E.\ Pictures 
8 Videos 


> Computer 
% Network 


2. Go to Start, select Internet Information Services (IIS) Manager. 


Start 



Administrator ^ 



w 



T 

4 * 

Server Manager 

Window; 

PowtrShell 

Artn-inicttarive 

look 

Group Policy 
Management 

ArtM’ Hereto 7 

Module tor ... 

File Server 

Re«ource._ DHCP 


Q 




a 

^ 





r c c* IjillllllliHlHililllllMHllliiliylfl 

Computer 

Ia4 Mmsgei 

ADSI Fdt 

OomaimanrL 

Information... 



e 

♦ 

1 


CooUd Panel 

Internet bpfcxer 

Arture Directory 
Users and.. 

Active D rectory 

Administrative. 





tf 

* 

Jk 


Desktop 

■»a ■■ . m. 

Active Directory 

Sites, and.. 

DNS 
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TECH N OLOG IE 



3. In the left pane of the Internet Information Services dialog box Expand the server Right 
click on Sites and select ADD FTP Site 


File View Help 


*'UI£] I* 


Connections 


: Start Page 

-< -' i i SY51 (MICROS OF T\Adm i mstrator) 
vj Application Pools 
a a^Srtes 

i- 9 D« 9 Add Website.., 


Refresh 


Add FTP Site- 


Switch to Content View 


Ready 


Uj/I Sites 


filter; 

Name * ID 

# Default Web.. 1 


Go Show All '■ Group by; 
Status Binding 
Started (._ ‘SO [http) 



Internet Information Services (IIS) Manager 

1 M 


•i ► SYS1 ► Sites ► 

UJ -| W * 


Features View Content View 


Actions 

0 Add Website.. 

Set Website Defaults. . 

K Add FTP ■, 

Set FTP Site Defaults- 

O Help 

Online Help 


4. In Site Information screen, enter the FTP site name, and enter the path to the home folder 
(Content Directory)you want to assign to this FTP site. This can be either a local path or a UNC 
path of the shared folder -►you can browse for this folder if you need to -►click Next. 
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5. In the Bindings and SSL Settings dialog box select the IP address and port no. and select “NO 
SSL". 



Add FTP Site 

7| *| 

Binding and SSL Settings 




Binding 

IP Address: Port: 


10.00.1 V 


21 

J Enable Virtual Host Names: 

Virtual Host (example: ftp.contoso.com): 



vl Start FTP site automatically 
SSL 

S> No SSL 
O Allow SSL 
O Require SSL 

SSL Certificate 
Not Selected 


Previous 

Next 


Cancel 






6. In Authentication and Authorization Information dialog box, Check the box for Anonymous 
and Basic, Select All Users, Check the box for Read and Write click Finish. 
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Verification: 



ZOOM 


TECH NOLOGIESj 


Accessing the FTP site from the Client systems 


SYS2- CONFIGURATION 

1. Go to any Computer ->Open Internet Explorer and type fto://ftp ip address and Press Enter. 


Ex: ftp://10. 0.0.1 




) ©ftp://10.0.0.1/ 

P-SO ©FTP root at 10.0.0.1 


FTP root at 10.0.0.1 

To view this FTP site in File Explorer: press Alt, click View, and then click Open FTP Site in File Explorer 


05/10/2013 10:21PM 0 1. txt 
05/10/2013 10:21PM 0 2.txt 
05/10/2013 10:21PM 0 3.txt 
05/10/2013 10:21PM 0 4 ■ txt 
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Lab - 63: Installing and Configuring Windows Deployment Services 


Objective: 

To deploy operating system through network using WDS 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller, DHCP with Scope, DNS with 
Services records. 

• A computer with or without any Operating system. 

Topology: 



SYS1 



SYS2 


MICROSOFT.COM 


SYS1 

Domain Controller / WDS Server 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


SYS2 

WDS Client 

IP Address 
Subnet Mask 
Preferred DNS 
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Installing Windows Deployment Services 

SYSl- CONFIGURATION 

1. Go to Start, click Server Manager 



2. In the Server Manager Console, Select Add roles and features 

Server Manager 


-o' x 


Dashboard 


•* (p) I Marv»go look View LMp 


Dashboard 


j Local Server 
is All Servers 
i|i ADDS 
Tl DHCP 
& DNS 

ii File and Storage Services > 


WELCOME TO SERVER MANAGER 


OUICX SIAKI 


WHATS NEW 


Configure this local server 

2 Ado roles and features 

3 Add other servers to manage 

4 Create a server group 


LEARN MORE 


Hide 


ROLES AND SERVER GROUPS 

Roles: 4 | Server groups- 1 | Servers total- 1 


i|i ADDS 

1 

ti DHCP 

1 


© Manageability 

© Manageability 

V 
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ZOOM 


.TECHNOLOGIES. 


3. In Before you begin page, click Next. 




Add Roles and Features Wizard 


L-MJ 


Before you begin 


DCSTIIMATIOCJ SERVER 

syslJAcrosofLcom 


Before 'itiu Begin 


Installation T /pe 
Server Seeoicn 


This wizard helps you install roles role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

•The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 

To continue, click Next 


I Skip this page by default 


| < Previous | [ Next > jj Install | Cancel 

4. Select Role-based or feature-based installation, click Next. 




Add Roles and Features Wizard 


- O x 


Select installation type 


DESTINATION SERVER 
syst-Mirroohcom 


Before You Seair 


Installation Type 


Server Selection 


Select the installation type. You can install roles and features or a running physical computer or virtual 
machine, or on an offline virtual hard disk (VHD). 

* Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


< Previous 

Next • 

Install 

Cancel 
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5. Select a server (sysl.Microsoft.com) from the server pool and click Next. 


Add Roles and Features Wizard 


- O lx 


Select destination server 


DESTINATION SERVER 
sysl. Microsoft 43001 


Before ton Begin 
Installation Type 


Server Selection 


Server Roles 

Features 


Setect a server or a virtual hard disk on which to install roles and features. 

• Select a server from the server pool 
C Select a virtual hard disk 

Server Pool 


Filter 




Name 

IP Address Operating System 

sysl. Microsoft com 10.0.0.1 Microsoft Windows Server Z012 Standard Fvaluatron 


1 Computers) found 

This page shows seivers that are running Windows Server 2012. and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


< £revious 


find ■ 


Cancel 


6. In select server roles, check the box Windows Deployment Services, click Next. 


Add Roles and Features Wizard 


- a x 


Select server roles 


DESTINATION SERVER 
sysl .Microsoft .con 


Before fbu Begin 
Installation Type 
Server Seiecuor 



Features 

WDS 


Role Services 
Confirmation 


Select one or more roles to install on the selected server. 

Roles 


l~l Active Directory Lightweight Directory Services 

□ Active Directory Rights Management Services 

□ Application Server 

M DHCP Server (Installed) 

M DNS Server (installed) 


I I Fax Server 

t> |</| File And Storage Services (installed) 

Q Hyper V 

□ Network Policy and Access Services 
n Print and Document Services 

_] Remote Access 
j Remote Desktop Services 
Q Volume Activation Sendees 

□ Web Server (IIS) 


rmdows Deployment Services 


[ | Windows Server Update Services 


Description 

Windows Deployment Services 
provides a simplified secure means of 
rapidly and remotely deploying 
Windows operating systems to 
computers over the network. 


< Rreviosis 


... : 


Install 


Cancel 
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7. In select features, click Next. 


Add Roles and Features Wizard 


Select features 


DESTINATION SERVER 
sysl.Ma050R.com 


Before tou Begin 
Installation ”ype 
Server Se'ecttoc 
Server Ro*es 


Features 


DHCP Server 
Confirmation 


Select one or more features to install on lire selected server 
Features 



Description 

JMET Framework 3.5 combines the 
power of the NET Framework 2.0 APIs 
with new technologies for building 
applications that otter appealing user 
interfaces, protect your customers' 
personal identity information, enable 
seamless and secure communication 
and provide the ability to model a 
range of business processes 


< Previous 




install 


Cancel 


8. Click Next. 


Add Roles and Features Wizard 


I- Ol 


WDS 


DESTINATION SERVER 
sy5l.M1cr050ft.e01n 


be*ore tou Begin 
Installation "ype 

Server Sei sector 
Server Rotes 


You can use Windows Deployment Services to install and configure Microsoft Windows operating system 
remotely on computers that are PXE-enabled. Windows Deployment Services replaces Remote installation 
Services (R1S) and assists with the rapid adoption and deployment of Windows. The Windows Deployment 
Services MMC snap-in allows you to manage all aspects of Windows Deployment Services. Windows 
Deployment Services also provides end-users with an evperience that is consistent with Windows Setup, 


Features 


WDS 


Role Services 

Confirmation 


Things to note: 

• Deployment Server requires that Active Directory Domain Services. DHCP, and DNS services 
are available on your network. Transport Server does not require any additional roles or 
services. Both of tfiese services require an NTFS partition for the file store. 

• Before you begin, you need to configure Windows Deployment Services by running either 
tFte Windows Deployment Services Configuration Wizard or WDSUtil.exe. You will also need 
to add at least one boot image and one install image to the image store. 

• To install Windows operating systems from a Windows Deployment Services server, either 
the client computers must be PXE enabled. or you must use the Windows Server 2008 R2 
version of Windows Preinstallation Environment (Windows PE). 


Overview of Windows Deployment Services 


< Erevtous 


. ?#«!..> ; 


install 


Cancel 
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9. In Select role services, Deployment and Transport Server is selected, click Next. 


Add Roles and Features Wizard 


L-^l 


Select role services 


DESTINATION SAVER 
sysl MKrosoftcom 


Before >tou Begir 


Select the role services to install for Windows Deployment Services 


Installation Type Role services Description 

Deployment Server provides the full 
functionality of Windows Deployment 
Services, which you can use to 
configure and remotely install 
Windows opeiating systems. With 
Windows Deployment Services, you 
can create and customize images and 
then use them to reimage computers 
Deployment Server is dependent on 
the cote parts of Transport Server. 


Server Se eerier 
Server Roles 
Features 
WDS 


Role Services 


~^l 

fi/| Transpott Server 


Confirmation 


| < Previous | 

Next > 


Install 

Cancel 


10. Check Restart the destination server automatically if required and click Install. 


Add Roles and Features Wizard 


\-°\ 


Confirm installation selections 


DESTINATION SERVER 
sysl .M*crosoR.corr 


Be‘cve tou Begin 
Installation Type 
Server Selecoor 
Server Rotes 
Features 
WDS 

Role Serv ices 


Confirmation 


To install the following roles, role services, or features on selected server dick Install 
“'I Restart the destination server automatically rf required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selected automatically. If you do not want to install these optional features, dick Previous to dear their check 
botes. 

Remote Server Administration Tools 
Role Administration Tools 

Windows Deployment Services Tools 

Windows Deployment Services 
Deployment Server 
Transport Server 


Export configuration settings 
Specify an alternate source path 


< Erevious 


Next > 


install 


Cancel 
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ZOOM 


TECHNOLOGIES^ 


11. Click Close to complete the Installation. 


fL 


Add Roles and Features Wizard 


_ a 


Installation progress 


View instillation ptogiess 
O feature installation 

Installation succeeded on sys1.Microsoft.com. 


Results 


Remote Server Administration Tools 
Role Administration Tools 

Windows Deployment Services Tools 
Windows Deployment Services 
Deployment Server 
Transport Server 


DESTINATION SERVER 
sysl i/bcrosotLooni 


You can dose this wizard without interrupting running tasks View task progress or open 
0 this page again by clicking Notifications in the command bar, and then Task Details. 

Export configuration settings 

* Previous Eject > | Close _ . Cancel 


Note: SYS1 - CONFIGURATION 

• Install the DHCP Service (If not installed) and create a scope in the DHCP. 

• Give the range (10.0.0.10 - 10.0.0.100), and in the DHCP scope options mention the Domain 
name (Microsoft.com) and mention the DNS server IP address (10.0.0.1). 


0 
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.TECHNOLOGIES. 


Configuring Windows Deployment Services 

SYSl- CONFIGURATION 

1. Go to Start, select Windows Deployment Services. 




Server Manager | — O’ 

X 


,4 Dashboard 

» (o) | ^ Manage look View t 

ielp 


Dashboard 


WELCOME TO SERVER MANAGER 


j Local Server 
ii All Servers 
V ADDS 
£ DNS 

■S File and Storage Services > 



Configure this local server 


QUICK START 





2 

Add roles and features 



3 

Add other servers to manage 


WHAT'S NEW 

4 

Create a server group 


LEARN MORE 


Hide 




ROLES AND SERVER GROUPS 


Roles: 3 | Server groups: 1 

| Servers total: 1 




ljl ADDS 

1 

O 

DNS 

1 

© Manageability 

© 

Manageability 



2. Right click Server Name, Select Configure Server. 

Windows Deployment Services — 3 X 


File Action View Help 

* * a 1 eF¥ □ m 
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3. In Before You Begin Page, click Next. 


Windows Deployment Services Configuration Wizard 


Before You Begin 

i 




You can use this wizard to configure Windows Deployment Services. Once the server is 
configured. you will need to add at least one boot image and one install image 10 me server 
before you will be able to install an operating system. 


Boforo you bogin. ensure that the following requirements aro mot 

The server is a member of an Active Directory Domain Services (AD DS) domain, ora 
domain controllerfor an AD DS domain. If the server supports Standalone mode, itcan be 
configured without having a dependency on Active Directory. 

Thera is an active DHCP server on the network. This is because Windows Deployment 
Services uses Pre-Boot Execution Environment (PXE). which relies on DHCP for IP 
addressing. 

— There is an actve DNS server on your network 

- This server has an NTFS file system partition on which to store images. 


To continue, click Next 


< Back 


Next > 


Cancel 


4. In Install Options, in Domain Model select Integrated with Active Directory, click Next. 
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5. Browse and select any empty drive to store Image Folder (or) change the Drive letter click 

Next. 


Windows Deployment Services Configuration Wizard 

Remote Installation Folder Location 



The remote installation folder will contain boot images, install images. PXE boot files, and the 
Windows Deployment Services management tools. Choose a partition that is large enough 
to hold all or the images that you will have. This partition mustbe an NTFS partition and 
should not be the system partition. 


Enter the path to the remote installation folder 
Path: 

E\Remcteln stall 


Browse.. 


< Rack 


Next > 


Cancel 


Note: If the WDS server is a DHCP server also then one more wizard will be displayed 
indicating that the WDS service should not listen on port 67. 

So, we have to check the boxes, Do not listen on port 67 and Configure DHCP option tag 60 in 
all DHCP scope options to PXE Client. 


Windows Deployment Services Configuration Wizard 


Proxy DHCP Server 



If Dynamic Host Configuration Protocol (DHCP) is running on this server, check both of the 
following check boxes and use DHCP tools to add appropriate PXE options to all DHCP and 
DHCPvS scopes 

If a non Microsoft DHCP server is running on this server, then check the first box and manually 
configure DHCP option 60 and DHCPv6 Vendor Class for Proxy DHCP. 

The Windows Deployment Services Configuration Wizard detected Microsoft DHCP service 
running on the server Please select from the following options. 

[v]jPo not iisten on DHCP and DHCPv6gorts| 

@ Configure DHCP options for Proxy DHCP 


< Rack 


Next > 


Cancel 
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6. Select Respond to all Known and Unknown Client Computers, and click Next. 



7. Wizard will Configure the WDS Server 

8. Uncheck the box Add Images to Windows Deployment Server now, and click Finish. 

9. WDS Server Service configured successfully and started. 

Adding Windows 2012 Boot Image to WDS Server 


1. Right click Boot Images Select Add Boot Image. 


Windows Deployment Services 


L=_ 


a 


File Action View Help 


OtaJ Li | B 3 


£ Windows Deployment Services 
-* * i i Servers 

* sys1.Microsoft.corn 
£ Install Images 
i, Boot Images 
V Pending De< Add 
!■ H Multicast Tr 
v 81 Drivers 
v Active Directory F 


Boot Images 0 Boot Image(s) 


Image Name Architecture 


Status Lxpanded Size Date OS Version 
There are no items to show in this view. 


Priority 


View 

► 

Export List- 
Help 



<£ ill > 

Adds a Boot Image to the server 
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2. Browse and Select boot.wim file from 2012 OS DVD (Ex: D:\Sources\boot.wim) 


£ 


Add Image Wizard 


Image File 



Enter the location of the Windows image file that contains the images to add 


File location: 


Browse... 


Note: The default boot and install images (Bootwim and Install.wim) are located on the 
installation DVD in the \Sources folder 


More information about images and image types 


< Back 

Next> 


Cancel 


3. Click Next. 



0 
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4. Give Name to image Ex: Windows Server 2012. 


Image Metadata 


Add Image Wizard 


Enter a name and description for the following image: 
'Micros oft Windows Setup (x64)' 

Image name: 

Microsoft Windows 2012 Setup (x&4) 

Image description: 

Microsoft Windows 2012 Setup (x64) 

Image architecture: 
x64 



< Back 

i 

Next> 




Cancel 


5. Click Next. 
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.TECHNOLOGIES. 


6. Image will be added click Finish. 


0 

Add Image Wizard 


X 

T ask Progress 


4 * 

3 1 


The operation is complete 



The selected images were successfully added to the server 


< Back 

Finish 

5 


Cancel 


Adding Windows2012 Install Image to WDS Server 

1. Right click Install Images Select Add Install Image. 


Windows Deployment Services 


x 


File Action View Help 

ate) [*| Q ra 
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2. Give Name to Image Group Ex: Server Group and click Next. 


g Add Image Wizard 

X 

■ 

Image Group 



This wizard adds an install image to your server You must have atleast one install image 
and one boot image on your server in order to boot a client using Pre-Boot Execution 
Environment (PXE) and install an operating system. 


An image group is a collection of images that share common file resources and security 
Enter the image group for the install image that you want to add. 


Select an existing image group 


(•) Create an image group named 


Serve rGroup 


<gack 

Next> 


Cancel 


3. Browse and select Install.wim file from 2012 OS DVD (Ex: D:\Sources\install.wim) click 
Next. 


Add Image Wizard 


X 


Image File 



Enter the location of the Windows image file that contains the images to add. 


File location: 


D:\sources\installwim 


Browse ... 


Note: The default boot and install images (Bootwim and Install.wim) are located on the 
installation DVD in the \Sources folder. 


More information about images and image types 


< Back 

Next> 


Cancel 
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TECH NOLOGIE! 


4. Select Windows Server 2012 STANTARD and click Next. 


Add Image Wizard 

Available Images 


The file that you specified contains the following images. Select the images thatyou want to 
add to the server 


Name 

Architec 

Description 

□ Windows Server 2012 SERVERSTANDARDCORE 

x64 

Windows S 

0 Windows Server 2012 SERVERSTANDARD 

x64 

Windows S 

H Windows Server 2012 SERVERDATACENTERCORE 

x&4 

Windows S 

□ Windows Server 2012 SERVERDAT AC ENTER 

x64 

Windows S 

| < | III 


> 


@ Use the default name and description for each ofthe selected images 


< Back 

Next> 


Cancel 


5. Click Next 


Add image Wizard 

Summary 




You have selected the following images 

Image group: ServerGroup 

Imago fie D:\sources\mstall wirr 

Selected images 


Name 

■ Windows Server 2012 SERVERSTANDARD 





To change your selection, click Back To add the selected images to the server, click Next 


< Back 


Next> 


Cancel 



MCSE Lab Manual 


Page | 373 


www.zoomgroup.com 





6. 


Click Finish. 



Verification: 

1. Boot the Client system with PXE NIC Card 

2. Press F12 key when prompted to start the Installation. 

3. Then mention the Administrator Credential. 

4. Select the Operating System which you want to install. 

5. Select the Partition to install the O.S and follow the instructions 
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Lab - 64: Installing and Configuring HYPER - V 



Objective: 

To Configure Virtualization using Hyper-V 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System Hyper-V host. 

Topology: 


MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Click Server Manager. 



2. In Server Manager Dashboard, Click Add roles and features. 




Server Manager I — ® 

X 


44 Dashboard 

* (5) | Manage Itxik View E 

Help 


I" Dashboard 


i Local Server 
■a All Servers 

rgi ADDS 

& DNS 

■S File and Storage Services > 


WELCOME TO SERVER MANAGER 



Q Configure this local server 


quicic siAMr 





2 

Add roles and features 



3 

Add other servers to manage 


WHAT'S NEW 

A 

Create a server group 


LEARN MORE 


Hide 




ROLES AND SERVER GROUPS 

Roles: 3 | Server groups: 1 | Servers total: 1 


rgl AD DS 1 


£ DNS 1 

© Manageability 


© Manageability 
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TECHNOLOGIES^ 


3. In Before you begin page, click Next. 


Add Roles and Features Wizard 




Before you begin 


DCSTIIMATIOCJ SERVER 

syslJAcrosofLcom 


Before fou Begin 


Installation T ype 
Server Seeoicn 


This wizard helps you install roles role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

•The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 

To continue, click Next 


I Skip this page by default 


< Previous 


niextr- 


Install 


Cancel 


4. In Select installation type, select Role-based or feature-based installation, click Next. 


Add Roles and Features Wizard 


- a 


X 


Select installation type 


DESTINATION SERVER 
systMicrosofUom 


Before Vbu B~gir 


Installation Type 


Server Selection 


Select the installation type You can install roles and features on a running physical computer or virtual 
machine, or on an offline virtual hard disk (VHD). 

* Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


< Erevious I | Next > 


Install 


Cancel 
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5. In Select destination server, from Server Pool select SYSl.Microsoft.com, click Next. 




Add Roles and Features Wizard 


I I M 


Select destination server 


DESTINATION SERVER 
sysUWcrosofUcm 


Before Msu Begin 
Installation Type 


Server Selection 


Server Roles 
Features 


Select a server or a virtual hard disk on which to install roles and features. 

• Select a server from the server pool 
O Select a virtual hard disk 

Serve r Pool 

Filter 



Name IP Address Operating System 


sy=l Microsoft com 10 0 0 1 Microsoft Window, Server .'>0 1 Standard r valuation 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


6. In Roles, check the box Hyper-V. 


< 2revrous | | Next > 


Cancel 
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TECH NOLOGIES> 


7. Click Add Features, to install the required features for Hyper-V. Click Next. 


Add Roles and Features Wizard 


Add features that are required for Hyper-V? 

The following tools are required to manage this feature, but do not 
have to be installed on the same server. 


a Remote Server Administration Tools 
a Role Administration Tools 
^ Hyper-V Management Tools 

[Tools] Hyper-V Module for Windows PowerShell 
[Tools] Hyper-V GUI Management Tools 


-V Include management tools (if applicable) 


Add Features 


Cancel 


8. In Select features wizard, click Next. 


Add Roles and Features Wizard 


Select features 

Before Vbu Begin 
installation Type 
Server Seection 
Server Roes 

Hyper-V 

Virtual Switches 
Migrator 
Default Stores 
Confirmatior 


Select one or more features to install on the selected server. 


features 


> n 


NET Framework 3.5 Featun 


s 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

n 

□ 

□ 

□ 


• NET Framework 4.5 Feotures (Installed) 

Background intelligent 'ransfer Sen/ice (BITS) 

BitLocker Drive Encryption 

BitLocker Network Unlock 

BranchCache 

Ckent for NFS 

Data Center Bridging 

Enhanced Storage 

Failover Clustering 

Croup Policy Management (Installed) 

Ink and Handwriting Services 

Internet Printing Oient 

IP Address Management (IPAM) Server 


i I 


C ESTIMATION SERVER 
S’SI Vlitrosortcom 


Description 

■NET Framework 35 combines the 
power of the .NET Framework 20 
APIs with new technologies tor 
building applications that offer 
appealing user interfaces, protect 
your customers personal identity 
information, enable seamless and 

secure communication, and provide 
the ability to model a range of 
business processes. 


5 


Previous 


Nextc 




_CA n .ce. ! , 


l/io\w moccanoc in Arfinn f cntor A X 
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9. 


In Hyper-V wizard, click Next 



10. Check the box Ethernet 2 to work as Virtual Switch. Click Next. 


if. 


Add Roles and Features Wizard 


- a 


X 


Create Virtual Switches 


DESTINATION SERVER 
sysl.Miaosoftoom 


Before Vbu Begir 
Installation Type 
Server Selection 
Server Roles 
Features 
Hyper-V 


Virtual Switches 


Migration 
Default Stores 
Confirmation 


Virtual machines require virtual switches to communicate with other computers. After you 
install this role, you can create virtual machines and attach them to a virtual switch. 

One virtual switch will be created for each network adapter you select. We recommend that 
you create at least one virtual switch now to provide virtual machines with connectivity to a 
physical network. You can add, remove, and modify your virtual switches later by using the 
Virtual Switch Manager. 

Network adapters: 

Name Description 

Q Ethernet NVIDIA nf-orce Networking Controller 

0 Ethernet 2 D-Unk DFE-520TX PCI Fast Ethernet Adapter 


i We recommend that you reserve one network adapter for remote access to this server. To 
reserve a network adapter, do not select it for use with a virtual switch. 


< Rrevious 


Next > 


Install | Cancel 
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11. In Virtual Machine Migration Page, click Next. 


rL 


Add Roles and Features Wizard 




Virtual Machine Migration 


DESTINATION SBVER 

S V S1 Mk/osoflcom 


Before rou Begin 
Installation T/ps 
Server Seecion 
Server Roes 
Features 


Hyper-V can be configured to send and receive live migrations of virtual machines 
on this server. Configuring Hyper-V now enables any available network on this 
server to be used for live migrations. If you want to dedicate specific networks for 
live migration, use Hyper-V settings after you install the role. 

□ Allow this server to send and receive live migrations of virtual machines 


Hyper-V 

Virtual Switches 


Migrator 


Default stores 
Confirmation 


Authentication protocol 

Select the protocol you want to use to authenticate live migrations. 

• Use Credential Security Support Provider (CredSSP) 

This protocol is less secure than Kerberos, but does not require you to set up 
constrained delegation. To perform a live migration, you must be logged on 
to the source server. 

O Use Kerberos 

This protocol is more secure but requires you to set up constrained 
delegation in your environment to perform tasks such as live migration 
when managing this server remotely 


A. If this server will be part of a cluster, do not enable migration now. Instead, you 



c £ievious 




Install 

Cancel 






12. In Default Stores Page, click Next. 
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13. Check box Restart the destination server automatically if required, click Install. 



14. Computer Restarts and completes the installation of Hyper-V Role. 

15. Click Close. 
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Lab - 65: Creating Virtual Machine on Hyper-V 



Objective: 

To create virtual machine using Hyper-V 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System Hyper-V host. 

Topology: 


MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Go to Start, select Hyper-V Manager. 


Start 


Administrator 


& 

V 

ft 


Window* 

Ad mm i strain* 

Server Manager 

Po*crShei 

Tool: 

Q 

m 


Computer 

Task Manager 


W 

£ 


Control Panel 

Internet Explorer 



Dccktop 



♦ 

% 

Act#** Directory 

Act #.e Directory 

Hypei-V 

Domains and... 

Users and- 

Manager 


~V~Jj 

Act#.* Directory 
Admnisratrve... 

n 

ADSI Edit 




P 

Act#.* Directory 

Group Pokey 

Sites and*. 


Management 

• 

Jk 


1 

9 [ 

DNS 


Hyper-V Virtual 
Machine.. 


2. In Hyper-V Manager, right click on Server Name (SYS1) and select New Virtual Machine. 
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3. In Before you begin page, click Next. 



Before You Begin 


New Virtual Machine Wizard 


Before you Begin 


Specify Name and Location 
Assign Memory 
Configure Networking 


This wizard helps you create a virtual machine. You can use virtual machines in place of 
physical computers for a vanety of uses. You can use this wizard to configure the virtual 
machine now, and you can change the configuration later using Hyper -V Manager . 

To create a virtual machine, do one of the following: 


Connect V/i rtua: Hard Disk 
Installation Options 
summary 


• CSdc Fnish to create a virtual machine that is configured with default values. 

• cick Next to create a virtual machine with a custom configuration. 


Do not show this page again 


< Previous 

1? 1 

IS Next > 


Is : 


Finish 


CanaH 





4. Enter Name and Location for the Virtual Machine (Ex: Win 2012) and click Next. 
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5. In Assign Memory Page, Enter the amount of RAM for the virtual machine (Ex: 1024 MB) and 
select Use Dynamic Memory for this virtual machine. 



Assign Memory 


New Virtual Machine Wizard 


Before You Begn 
Specify Name and Location 


Assign Memory 


Configure Networking 
Connect Vrtual Hard Disk 
Installation Options 
Summary 


Specify the amount of memory to allocate to this virtual machine. You can specify an amount from 8 
MB through 2 198 MB. To improve performance, specify more than the mtnmum announ t recommended 
for the operating system. 


Startup memory: 


1024 


MB 


@ Use Dynamic Memory for this virtual machine. 


g When you decide how much memory to assign to a virtual machine, consider how you intend to 
use the virtual machine and the operating system that it will run. 


< Previous 


Next > 


Finish 


Cancel 


6. In Configure Networking Page, select Virtual Switch Adapter click Next. 


New Virtual Machine Wizard 


x 



Configure Networking 


Before You Begin Each new virtual machine indudes a network adapter. You can aonfgure the network adapter 

Spedty Name and Location to use a virtual switch, or it can remain disconnected. 

Assign Memory Connection. 


Configure Networking 


Connect Virtual Hard Qsk 
Installation Options 
Summary 


D-Link DFE-520TX Pa Fast Ethernet Adopter - Virtuol Switch v 

Not Connected 


D Link OFT 520TX rg Past Ethernet Adapter Virtual Switch 


< Previous 


Next > 


Finish 


Canopl 
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7. In Connect Virtual Hard Disk Page, select Create a virtual hard disk and enter the Name, 
Location and Size of the virtual hard disk. Click Next. 



8. In Installation Options, select Install an operating system from a boot CD/DVD-ROM, click 
Next. 


New Virtual Machine Wizard 



Installation Options 




Before You Begin 
Spetify Name and l oration 
Assign Memory 
Configure Networking 
ConnectVrtua Hard Disk 


Installation Options 


D: 


Summary 


You can install an operating system now if you have access to the setup media, or you can 
install it later. 

O Install an operating system later 

• ! Ins tall an operating system from a boot CD/DVD -RQM I 
Media 

(• Physical CD/DVD drive: 

O Image file (.iso): 


O Install an operating system from a boot floppy disk 

Virtual floppy disk (,Vd): | | Brows 

O install an operating system from a network-based installation server 


< Previous 

Next > 

Finish 

Cancel 
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9. In Completing the New Virtual Machine Wizard, click Finish. 



10. In Hyper-V Manager console, right click virtual machine (Ex: win 2012), click Start. 


Hyper-V Manager 




File Action View Help 

»+l ate] Bjffll 

JJ Hyper-V Manager 
3iSYS2 


Virtual Machines 


Name 


Snapshc 


Win 201 


State 

Connect... 

Settings.. 

Start 


CPU Usage Assigned Mem- Uptime 


Status 


Snapshot 
Move- 
Expo rt.. 

Rename- 

Delete... 

Enable Replication.. 
Help 


•chine has no snapshots 


Created: 22/2013 ?:3S2SPM 
Notes: None 


Clustered: No 


Summary Memory j Networking | Replication 


Actions 

SYS2 



New * 


Import Vir... 


Hyper-V S... 

» 

Virtual Swi... 

ai 

Virtual SA... 


Edit Disk... 

a 

Inspect Di... 

® 

Stop Service 


Remove S... 

a 

Refresh 


View ► 

B 

Help 

Win 2012 

•i 

Connect... 

is 

Settings... 

o 

Start 

b 

Snapshot 


• . 


Starts the selected virtual machine. 
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11. Right click virtual machine (Ex: win 2012), click Connect. 


a 


I lyper-V Manager 


l- »l 


File Action View Help 

&1 QfH 


33 Hyper-V Manager 
3i SYS2 


Virtual Machines 


Snapsho 


Win 201 


CPU Usage Assigned Mem.. Uptime 


Status 


Conned.. 



Settings... 

Turn Off- 
Shut Down... 

Save 

Pause 

Reset 

Snapshot 

Move... 

Rename- 

Enable Replication- 
Help 


thin e ha s no snapshots 


Clustered: No 
Heartbeat: No Contact 


Summary Memory | Nemodang | Repticaton | 


Actions 


SYS 2 


- " 



New ► 

La» 

Import Vir... 


Hyper-V S— 

rrr 

• • 

Virtual Swi... 

at 

Virtual SA... 

s-4 

Edit Disk... 

Em 

inspect Di... 

® 

Stop Service 

X 

Remove S... 

(l 

Refresh 


View ► 

a 

Help 

Win 2012 

< 

Conned- 


Settings... 

® 

Turn Off- 

9 

Shut Dow... 

** 

r 


Launches the Virtual Machine Connection application. 


12. Install the Operating System on Virtual Machine. 
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Lab - 66: Creating Fixed Size Virtual Hard Disk 



Objective: 

To create fixed size virtual hard disk using Hyper-V 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System Hyper-V host. 

Topology: 


MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Go to Start, select Hyper-V Manager. 


Start 


Administrator 


& 

V 

ft 


Window* 

Ad mm i strain* 

Server Manager 

Po*crShei 

Tool: 

Q 

m 


Computer 

Task Manager 


W 

£ 


Control Panel 

Internet Explorer 



Dccktop 



♦ 

% 

Act#** Directory 

Act #.e Directory 

Hypei-V 

Domains and... 

Users and- 

Manager 


~V~Jj 

Act#.* Directory 
Admnisratrve... 

n 

ADSI Edit 




P 

Act#.* Directory 

Group Pokey 

Sites and*. 


Management 

• 

Jk 


1 

9 [ 

DNS 


Hyper-V Virtual 
Machine- 


2. In Hyper-V Manager, right click on Server Name (SYS1) and select New Hard Disk. 
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3. In Before you begin page, click Next. 



New Virtual Hard Disk Wizard 


Before You Begin 


Before you Begin 


Choose Disk Format 
Choose Disk Type 
specify Name and Location 
Configure Disk 
Summary 


This wizard helps you create a new virtual hard disk.. Virtual hard disks provide storage for 
virtual machines and are stored on physical media as .vhd or .vhdx files. 


Do not show this page again 


Previous 


Next > 


Finish 


CanaH 





4. In Choose Disk Format Page, select VHDX and click Next. 
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5. In Choose Disk Type, select Fixed size and click Next. 


New Virtual Hard Disk Wizard 



Choose Disk Type 


Before You Begin Vttiat type of virtual hard disk do you want to create? 


Choose Dsk For mat 


Choose Dsk Type 


Specify Name and Location 
Configure Dsk 
Summary 


• Fixed size 

This type of disk provides better performance and is recommended for servers running 
applications with high levels of disk activity. The virtual hard dsk fie that is created initially 
uses the size of the virtual hard disk and does not change when data is deleted or added. 

0 Dynamically expanding 

This type of disk provides better use of physical storage spaoe and is recommended for 
servers running applications that are not disk intensive. The virtual hard dsk file that is 
created is small initially and changes as data is added. 

O Differencing 

This type of disk is associated in a parent child relationship with another disk that you 
want to leave intact you can make changes to the data or operating system without 
affect ng the parent disk, so that you can revert the changes easily. All children must have 
the same virtual hard disk format as the parent (VHD or VHDX). 


< Previous 

Next > ! 

Finish 

Cancel 

1 

i i 




6. Enter Name, Browse and select Location for virtual hard disk, click Next. 
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7. Select Create a new blank virtual hard disk. Size of virtual hard disk. Click Next. 


New Virtual Hard Disk Wizard 



Configure Disk 


Before You Begin 
Choose Disk Format 
Choose Disk Type 
Specify Name and Location 


Configure Disk 


Summary 


You can create a blank virtual hard disk or copy the contents of an existing physical disk. 
• Create a new blank virtual hard disk 
2 GB (Maximum: 64 TB) 


Size: 


O copy the contents of the speofied physical disk: 


Physical Hard Disk 

Size 


\UPHYS1CALDRJVE0 

149 GB 


Copy the contents of the speofied virtual hard disk 

Path: | 


Browse... 


< Erevious 



Finish 


Canoe) 


8. Click Finish to create the New Virtual Hard Disk. 
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9. It creates a new Fixed size virtual hard disk. 


Creating the new virtual hard disk 



Verification: 

1. Go to the location of the Fixed size virtual hard disk (Ex: E:\Virtual Hard Disks), select Fixed 
Disk.vhdx file Properties and verify the Size and Size on disk. 
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Lab - 67: Creating Dynamically Expanding Virtual Hard Disk 



Objective: 

To create dynamically expanding virtual hard disk using Hyper-V 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System Hyper-V host. 

Topology: 


MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Go to Start, select Hyper-V Manager. 


Start 


Administrator 


& 

V 

ft 


Window* 

Ad mm i strain* 

Server Manager 

Po*crShei 

Tool: 

Q 

m 


Computer 

Task Manager 


W 

£ 


Control Panel 

Internet Explorer 



Dccktop 



♦ 

% 

Act#** Directory 

Act #.e Directory 

Hypei-V 

Domains and... 

Users and- 

Manager 


~V~Jj 

Act#.* Directory 
Admnisratrve... 

n 

ADSI Edit 




P 

Act#.* Directory 

Group Pokey 

Sites and*. 


Management 

• 

Jk 


1 

9 [ 

DNS 


Hyper-V Virtual 
Machine- 


2. In Hyper-V Manager, right click on Server Name (SYS1) and select New Hard Disk. 
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3. In Before you begin page, click Next. 



New Virtual Hard Disk Wizard 


Before You Begin 


Before you Begin 


Choose Disk Format 
Choose Disk Type 
specify Name and Location 
Configure Disk 
Summary 


This wizard helps you create a new virtual hard disk.. Virtual hard disks provide storage for 
virtual machines and are stored on physical media as .vhd or .vhdx files. 


Do not show this page again 


Previous 


Next > 


Finish 


CanaH 





4. In Choose Disk Format Page, select VHDX and click Next. 
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5. In Choose Disk Type, select Dynamically expanding and click Next. 


New Virtual Hard Disk Wizard 



Choose Disk Type 


Before You Begin v\hat type of virtual hard disk do you want to create? 


Choose Dsk Format 


Choose Dsk Type 


Specify Name and Location 
Configure Dsk 
Summary 


O fixed size 

This type of disk provides better performance and is recommended for servers running 
applications with high levels of disk activity. The virtual hard dsk fie that is created initially 
uses the size of the virtual hard disk and does not change when data is deleted or added. 

f* 1 Dynamically expanding 

This type of disk provides better use of physical storage spaoe and is recommended for 
servers running applications that are not disk intensive. The virtual hard dsk file that is 
created is small initially and changes as data is added. 

O Differencing 

This type of disk is associated in a parent child relationship with another disk that you 
want to leave intact you can make changes to the data or operating system without 
affect ng the parent disk, so that you can revert the changes easily. All children must have 
the same vi rtual hard disk format as the parent (VHD or VHDX). 


< Previous 

Next > ! 

Finish 

Cancel 

1 

1 i 




6. Enter Name, Browse and select Location for virtual hard disk, click Next. 
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7. Select Create a new blank virtual hard disk, Size of virtual hard disk. Click Next. 


New Virtual Hard Disk Wizard 



Configure Disk 


Before You Begin 
Choose Disk Format 
Choose Disk Type 
Specify Name and Location 


Configure Disk 


Summary 


You can create a blank virtual hard disk or copy the contents of an existing physical disk. 
• Create a new blank virtual hard disk 
GB (Maximum: 64 TB) 


Size: 


100 


O copy the contents of the speofied physical disk: 


Physical Hard Disk 

Size 


\UPHYS1CALDRJVE0 

149 GB 


Copy the contents of the speofied virtual hard disk 

Path: | 


Browse... 


< Erevious 



Finish 


Canoe) 


8. Click Finish to create the New Virtual Hard Disk. 
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9. It creates a new Fixed size virtual hard disk. 


Creating the new virtual hard disk 




Cancel 



Verification: 

1. Go to the location of the Dynamically expanding virtual hard disk (Ex: E:\Virtual Hard Disks), 
select Dynamically expanding Disk.vhdx file Properties and verify the Size and Size on disk. 
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Lab - 68: Creating Differencing Virtual Hard Disk 



Objective: 

To create differencing disk using Hyper-V 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System Hyper-V host. 

Topology: 


MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Go to Start, select Hyper-V Manager. 


Start 


Administrator 


& 

V 

ft 


Window* 

Ad mm i strain* 

Server Manager 

Po*crShei 

Tool: 

Q 

m 


Computer 

Task Manager 


W 

£ 


Control Panel 

Internet Explorer 



Dccktop 



♦ 

% 

Act#** Directory 

Act #.e Directory 

Hypei-V 

Domains and... 

Users and- 

Manager 


~V~Jj 

Act#.* Directory 
Admnisratrve... 

n 

ADSI Edit 




P 

Act#.* Directory 

Group Pokey 

Sites and*. 


Management 

• 

Jk 


1 

9 [ 

DNS 


Hyper-V Virtual 
Machine- 


2. In Hyper-V Manager, right click on Server Name (SYS1) and select New Hard Disk. 
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3. In Before you begin page, click Next. 



New Virtual Hard Disk Wizard 


Before You Begin 


Before you Begin 


Choose Disk Format 
Choose Disk Type 
specify Name and Location 
Configure Disk 
Summary 


This wizard helps you create a new virtual hard disk.. Virtual hard disks provide storage for 
virtual machines and are stored on physical media as .vhd or .vhdx files. 


Do not show this page again 


Previous 


Next > 


Finish 


CanaH 





4. In Choose Disk Format Page, select VHDX and click Next. 
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5. In Choose Disk Type, select Differencing and click Next. 


New Virtual Hard Disk Wizard 



Choose Disk Type 


Before You Begin v\hat type of virtual hard disk do you want to create? 


Choose Dsk Format 


Choose Dsk Type 


Specify Name and Location 
Configure Dsk 
Summary 


O Rsed size 

This type of disk provides better performance and is recommended for servers running 
applications with high levels of disk activity. The virtual hard disk fie that is created initially 
uses the size of the virtual hard disk and does not change when data is deleted or added. 

0 Dynamically expanding 

This type of disk provides better use of physical storage spaoe and is recommended for 
servers running applications that are not disk intensive. The virtual hard disk file that is 
created is small initially and changes as data is added. 

® Differencing 

This type of disk is associated in a parent child relationship with another disk that you 
want to leave intact you can make changes to the data or operating system without 
affect ng the parent disk, so that you can revert the changes easily. All children must have 
the same virtual hard disk format as the parent (VHD or VHDX). 


< Previous 

Next > 

Finish 

Cancel 

1 

l " 1 




6. Enter Name, Browse and select Location for virtual hard disk, click Next. 
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7. In Configure Disk Page, Browse and select the Parent Disk, click Next. 



8. Click Finish to create the New Virtual Hard Disk. 



New Virtual Hard Disk Wizard 




Completing the New Virtual Hard Disk Wizard 


Before you Begin 
Ctxxrse Disk Format 
Choose Disk Type 
Spedfy Name and Location 
Configure Disk 


Summary 


You have successfully completed the New Virtual Hard Disk Wzard. You are about to create 
the following virtual hard disk. 

Description: 


Format: 

VHDX 

Type: 

differencing 

name: 

Oiffemcing Disk, vhdx 

Location: 

E:\Virtjal Hard Disks 

Parent: 

fc:\Hyper-v\virtual Hard Disks\wm 2012. vhdx 


To create the urtual hard disk and dose this wizard, dick Finish. 


< Previous 

Next > 

Finish 


Cancel 
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*■* 


9. It creates a new Differencing virtual hard disk. 


Creating the new virtual hard disk 




Cancel 



Verification: 

1. Go to Hyper-V Manger Console, right click Server, select Inspect Disk. 
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2. Browse and select the Differencing Disk from (E:\Virtual Hard Disks). 



3. In Virtual Hard Disk Properties, select Inspect Parent. 



Virtual Hard Disk Properties 


General 


Format: 

lype: 


VHDX 

Differencing virtual hard disk 


Location: E:\Virtual Hard Disks 

File Name: Differncing Dislcvhdx 

Current File Size: 4 MB 

Maximum Disk Size: 127 GB 


Parent: 


E:\Hyper-V\Virtual Hard DisksNWin 2Q12.vhdx 


□ X 


j Inspect Parent... I 


Close 
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- 


4. Verify the Parent Virtual Hard Disk Properties and click Close. 


a 


Virtual Hard Disk Properties 


_ n x 


General 


Format: 

lype: 


VHDX 

Dynamically expanding virtual hard disk 


Location: E:\Hyper-V\Virtual Hard Disks 

File Name: Win 20i2.vhdx 

Current Rle Size: 8.6 GB 

Maximum Disk Size: 127 gb 


Close 
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Lab - 69: Configuring Virtual Networks 



Objective: 

To create virtual switches using Hyper-V 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System Hyper-V host. 

Topology: 


MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Steps: 

1. Go to Start, select Hyper-V Manager. 


Start 


Administrator 


& 

V 

ft 


Window* 

Administrative 

Server Manager 

Po*crShei 

Tool: 

Q 

m 


Computer 

Task Manager 


W 

£ 


Control Panel 

Internet Explorer 



Dccktop 



♦ 

% 

Actwe Directory 

Ai.tf.-e Directory 

Hypei-V 

Domains and... 

Users and- 

Manager 


~V~Jj 

Active Directory 
Admnisratrve... 

n 

ADSI Edit 




P 

Aclfve Directory 

Group Pokey 

Sites and* 


Management 

• 

Jk 


1 

9 [ 

DNS 


Hyper-V Virtual 
Machine* 


2. In Hyper-V Manager, right click Server(SYSl) and select Virtual Switch Manager. 

L= ° 


Hyper-V Manager 


File Action View Help 


aH fl[s| 
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3. In Virtual Switch Manager Page, select New virtual network switch, select Internal, and click 
Create Virtual Switch. 


Virtual Switch Manager for SYS2 



x 


« Virtual Switches 

ft New virtual network switch 
* A D-Unk DFE-520TX Pa Fast Ether. 

D unk DFE-520TX pet Fast Ethe. 


ft Create virtual switch 

What type of virtual switch do you want to create? 
External 


* Global Network Settings 
0 MAC Address Range 

00 15 5t>8A 94 00tO00 15 5D... 


Internal 


Private 


Create Virtual Switch : 

Creates a virtue switch that can be used only by the virtual machines that run 
on this physical computer, and between the virtual machines and the physical 
rnm purer at internal virtual switch does not proMde connectivity to a phyaral 
network connection. 


QK | [ Cancel 


4. 


Select Internal Network, enter the Name (Ex: Internal Network) and in Connection type select 


Internal network, click OK. 


Virtual Switch Manager for SYS2 


- a 


x 


* Virtual Switches 

ft New virtual network switch 
i) A D unk DFE 520TX PCI Fast Ether... 
D-unk DFE-520TX pa East Ethe... 

3 A Inter nal Network 
Internal only 

» Global Network Settings 

0 MAC Address Range 

00 15 5D-8A 94 00 to 00-15 50... 


A virtual switch Properties 

Name: 

[internal Network 


Notes: 



V 

ork 


□ Enable sngkr root I/O vrtuaipaton 

(• Internal network 
O Envate network 


Connection type 

What do you want to connect this virtual switch to? 
O External network: 

D-ljnk DFE-520TX PCI Fast Ethernet Adapter 

[V] Allow management operating system to share 


VLAN ID 

n Enable virtual LAN identification for management operating system 

The VLAN identifier specifies the virtual LAN that tire management 
operating system wfl use for all network communications through this 


OK 


Cancel 


Apply 
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5. In Virtual Switch Manager Page, select New virtual network switch, select Private, and click 
Create Virtual Switch. 


Virtual Switch Manager for SYS2 


_ □ 


* Virtual Switches 


ft New virtual network switch 
& A D unk DFE-520TX pci Fast Fther.. 

D Unk DFE 520TX pa Fast Ethft. 

a A Internal Network 
Internal only 

& Global Network Settings 


0 MAC Address Range 

00 1 5-5D-8A 94 00 to 00 15 50.. 


ft Create virtual switch 


What type of virtual switch do you want to create? 

External 

Internal 


Create Wrtual Switch 


Creates a virtual switch that can be used only by the virtual machines that run 
on this physical computer. 


OK 


Cancel 


Apply 


6. Select Private Virtual Network, enter the Name (Ex: Private Virtual Network) and in Connection 
type select Private network, click OK. 


Virtual Switch Manager for SYS2 


_ n 


* Virtual Switches 
ft New virtual network switch 
a A D-Unk DFE-520TX PCI Fast Ether... 
D-Unk DFE-520TX Pa Fast Ethe... 

a A internal Network 
Internal only 

3 A Private Virtual Network 
Private virtual switch 
» Global Network settings 
9 MAC Address Range 

00 15-50 8A 94 00 to 00 IS 5D... 


A virtual switch Properties 


Name: 


Pri /ate Virtual Network 


Notes: 



connection type 

What do you want to connect this virtual switch to? 
C External network: 


D-unk DFE-520TX PCI Fast Ethernet Adapter 

v] Alow management operating system to share this n 
adapter 


d Enable single root I/O virtualization (SR IOV) 

O Internal network 
<• Pnvate network 

VLAN ID 

Fnable virtual IAN identification for management operating system 

The VLAN identifier specifies the virtual LAN that the management 
operating system will use for all network communications through this 

natuvult arlantor Thlc ratthin rinoc n»V afford i i rti i al m artiino 


OK 


Cancel 


Apply 
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7. Go to Hyper-V Manager, right click Virtual Machine (Ex: win 2012) select Settings. 


m .jig; Ti 

File Action View 

*+| a[U Ba] 

ii Hyper-V Manager 
Bl SYS2 


Hyper-V Manager 

Help 


Virtual Machines 


Name 

■ I 


< 


State CPU Usage Assigned Mem. Uptime 


Status 


Connect- 

Settings... 


Start 

Snapsho Snapshot 
Move- 


Win 20 


Export.. . 

Rename... 

Delete... 

Enable Replication.. 
1 Help 


ichm« has no snapshots. 


Created: 2/2/201 3 7.35 25 PM 
Notes: None 


Clustered: No 


Summary Memory | Networking | Replication 

J < K* II 

Displays the virtual machine settings user interface. 



Actions 


SYS2 




New ► 


Impo... 


Hype... 

nr* 

• • 

Virtu... 

JL 

Virtu... 


Edit ._ 


Inspe... 


Stop ... 

* 

Rem... 

a 

Refre... 


View ► 

□ 

Help 

Win 2012 * 

-3 

Conn... 

tii 

Setti... 

O 

Start 

2» 

Snap... 

a* 

• • 


8. Select Add Hardware, select Network Adapter, and click Add. 


in 


Win 2012 


* Hardware 

! /s 


i v bios 

Boot tram CD 

■ Memory 

512 MB 

3 □ Processor 

1 Virtual processor 
a ■ IDE Control er 0 
ta Hard Drive 
Win 2012. vhdx 
a lot controler 1 
t* DVD Drive 

Physical drive D. 

K SCSI Controller 
a ft NetworK Adapter 

D Link DFE520TX PU Fast E. 
f COM 1 
None 
f* COM 2 
None 

LJ Diskette Dnve 

None 

Management 
ll Name 

VUn 2012 

1 Integration Services 


Settings for Win 2012 on SYS2 

i ► a 


_ □ 


Add Hardware 

You can use this setting to add devices to your virtual madiine. 
Select the devices you want to add and didc the Add button. 
SCSI Controller 


Network Adapter 


Legacy Network Adapter 
Fibre Channel Adapter 

RemotefX 3D Video Adapter 


Add 


A network adapter requires drivers that are instated when you install ntegranon 
services in the guest operating system. 


OK 


Cancel 


APP 
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9. Select Network Adapter and select Internal Network. 


Settings for Win 2012 on SYS2 


□ 


X 


Win 2012 


ft Hardware 

A 


*L Add Hardware 


1% BIOS 

Boot from CD 

m Memory 

512 MB 

it D Processor 

1 Virtual processor 

= * IDE Controller 0 
«-* Hard Drive 
VWn 2012. vhdx 
= ■> IDE Controller 1 
DVD Drive 
Physical drive D: 

SCSI Controller 

* 6 Network Adapter 

D-Unk DFF-520TX PCI Fast E... 

* - Network Adapter 

Not connected 
^ COM l 
None 
T COM2 
None 

W Diskette Drive 

None 

ft Management 

i Name 


► Cl 


H Network Adapter 

Specify the configuration of trie network adapter or remove the network 
adapter. 

Virtual switch: 



The VLAN identifier specifies the virtual LAN that this virtual madi 
use for all network oommurtcations through this network adaptei 

_ 2] 


Bandwidth Management 
I Enable bandwidth management 

Speafy how this netvrork adapter utiSzes network bandwidth. Both 
Mjnimum Bandwidth and Maximum Bandwidth are measured in 


Megabits per second. 
Mmimum bandwidth: 
Maxmum Pandwdth: 




Mbps 
0 Mbps 


To leave the minimum or maxmum unrestricted, speafy 0 as the 
value. 


ro remove the netivorlc adapter from this vrtual machine, ddc Remove. 


OK 

Canoe! 


Apply 


10. Select Network Adapter and select Private Virtual Network. 
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Verification: 
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1. Log on to Virtual Machine, go to Network Connection and verify for 3 network adapters 
External, Internal and Private Virtual Networks respectively. 



2. Go to Network connection on Host machine and verify 2 virtual network adapters connected 
to External and Internal networks respectively. 


T^L 


Network Connections 

T 'V ► Control Panel ► Network and Internet * Network Connections » 


Organize w 


earcti Network Come P 

- O 



Ethernet 

UmOentifieO network 


NVIDIA nforce Networking Contt 



vEthernet (Internal Network) 

Unidentified network 


Hyper 


Ethernet Adapter . 



Ethernet 2 

Enabled 

D-Linfc DEE-WOTX PCI Fast Ethem 


■ ~ ^Ethernet (O-Unk DFE-520TX PCI 

Fast Ethernet Adapter - Virtual Sw. 

Microsoft.com 2 


4 items 2 items selected 
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Lab - 70: Configuring Hyper-V Replica 


Objective: 

To configure high availability of virtual machines using Hyper-V replica 

Pre-requisites: 

Before working on this lab, you must have 

• A Computer with Windows Server 2012 Operating System domain controller/Hyper-V host. 

• A member server running windows server 2012 Hyper-V host. 

Topology: 



MICROSOFT.COM 


SYS1 

Domain Controller / Hyper-V 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


sys2 

member server / Hyper-V 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred Dns 10.0.0.1 
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Steps: 

SYS2- CONFIGURATION 

1. Log on to Member Server SYS2 as Domain Administrator and Install Hyper-V. 

2. Go to Start, type Firewall, select Windows Firewall with Advanced... 


Apps 


Results for "firewall" 


Windows Firewall 
with Advanced 


Search 

Apps 

I 

I 

[Hip Apf * 

Settings 


i 


Files 


Internet Explorer 


3. Select Inbound Rules, Right click Hyper-V Replica HTTP Listener (TCP-ln), Enable Rule and 
Hyper-V Replica HTTPS Listener (TCP-ln) and Enable Rule. 


| File Action View Help 

| + * £[SJ D S 

«r Windows Firewall with A 

Inbound Rules 

Actions 

C Inbound Rules 

Name 

Group 

Profile t * 

Inbound Rules 

C Outbound Rules 

8 Hypei-V (REM0TE.DE5KT0PJCP.IN) 

Hyper-V 

All T 

tC New Rule.. 

h. Connection Security R 

8 Hyper V (RPC) 

Hyper-V 

All T 

V Filter by Profile ► 

* Monitoring 

8 Hyper-V (RPC-EPMAP) 

Hyper-V 

All T 

V Filter by Slate ► 


it Hyper-V Management Clients - WMI (Async-ln) Hypet-V Management. All ) 

V Filter by Group ► 


©Hypei V Management Clients WMI (DCOM-ln) Hyper-V Management . All ) 

View ► 


8 Hyper-V Management Clients - WMI fTCP-ln) Hyper-V Management. All ) 

p Refresh 


^jHypef-V Replica HI TP listener (TCP-ln) 

Enable Rule 

a HUP All (■ 

Export List™ 


# Hyper V Replica HTTPS listener (TCP In: 

a HTTPS All f 

U Help 


• iSCSI Service (TCP-ln) 

Cut 

All r 

Hyper-V Replica HTT... - 


• Key Management Service (TCP-ln) 

Copy 

ml Serv_. All f 

O Enable Rule 


• Nettogon Service (NP-ln) 

UVICIC 

ce All f 

K cut 


• Netlogon Service Authz (RPC) 

Properties 

te All t 

4 Copy 


• Network Discovery (LLMNR-UDP- In) 

Help 

rery Domain ) 

X Delete 


• Network Discovery (LLMNR-LIDP-ln) 

Network Discovery Private f 

5 Properties 


• Network Discovery (LLMNR-UOP-ln) 

Network Discovery Public ) 

Q Help 


• Network Discovery (NB Datagram-In) 

Network Discovery Public ) 



8 Network Discovery (N8-Datagram-ln) 

Network Discovery Domain ) 



• Network Discovery (NB-Datagram-ln) 

Network Discovery Private I 



O Network Discovery (NB Name In) 

Network Discovery Domain ) 



8 Network Discovery (NB-Name-ln) 

Network Discovery Public ) 



• Network Discovery (NB-Name-ln) 

Network Discovery Private f 



8 Network Discovery (Pub-WSD-ln) 

Network Discovery Public ) 



A *i.i r> . . . . o i. « • i rr> • . 

kr.L r\ ' 

tv . v 


t 

< 


> 


II triable Rule 
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4. Go to Start, select Hyper-V Manager. 


Start Administrator ^ 



T 

ft 

M 

♦ 

% 

Server Manager 

Windows. 

Po*erShcl 

AOrninstfrftve 

Tools 

Act** Directory 
Domains and... 

Active Directory 
Dscrsand.« 

Hyp«f-V 

Manager 

Q 

m 


S 

* 


Computer 

Task Manager 


Act** Directory 
Adminisffative... 

ADSI Edit 


W 



rf 

1 


Central Panel 

1 nee met Explorer 


Active Directory 
Sites and.. 

Group Pokey 
Management 





i 

9 


Desktop 

■■■I. ■ ■ •> 


DNS 

Hyper-V Virtual 
Machine- 



5. In Hyper-V Manager, right click on Server Name (SYS2) and select Hyper-V Settings 


HyceM' Manager 


File Action View Help 


*i £ Is Bi 


3] Hyper-V Manager 

laSYSfj 


Virtual Machines 


New 

Import Virtual Machine .. 

Hyper V Settings.. 

Virtual Switch Manager 
Virtual SAN Manager.. 

Edit Disk... 
inspect Disk- 
Stop Service 
Be move Servet 
Refresh 

View 

Help 


State 


CPU Usage Assigned Mem.. Uptime 


Status 


He v r._a f ouid an this servw 


®J 


No viud fi ac'r o 


Details 


Actions 

SYS2 


New 

j* Import Virtual Ma. 
Hyper V Settings. 

! Virtual Switch Ma . 
^ Virtual SAN Mana~ 
Edit Disk. 

.£3 Inspect Disk.. 

@ Stop Service 
A Remove Server 
Q Refresh 
View 
U Help 


No «en rejected 


Launches the Hyper-V settings user interface. 
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6. Select Replication Configuration, check box Enable this Computer as a Replica server and 
check Use Kerberos (HTTP) 



7. In Authorization, select Allow replication from any authenticated server 



8. Click OK. 
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SYS1- CONFIGURATION 

1. Go to Start, Hyper-V Manager, right click on virtual machine (Win 2012) and select Enable 
Replication. 


Hyper-V Manager 


- ° 


File Action View Help 

fi[ii] Ufii| 

jj Hyper-V Manager 
It SYS1 


Virtual Machines 


Name 


Snapsho 


Win 201 


State 

Connect.. 

Settings... 

Turn Oil... 

Shut Down.. 

Save 

Pause 

Reset 

Snapshot 

Move.. 

Rename... 


CPU Usage Assigned Mem.. Uptime 


Fnable Replication.. 


I machine has no snapshots. 


Help 

Cleared: 8f1/20144-1852PM 
Notes: Nona 


Clustered: No 


Summary Memory I Nuturo iking Ruplicalon 

I HI 


Actions 

SYS1 

▲ 


1 

New 



1 a 

Import Virtual Machin. 



1 

Hyper-V Settings. 



?: 

' 1 

Virtual Switch Manage.. 



1 

k 

Virtual SAN Manager. 



Ls 

Edit Disk... 



l 

Inspect Disk. 




Stop Service 



* 

Remove Server 



r 

Refresh 




View 

► 


U 

Help 



Win 2012 

a. 



Connect.. 



k 

Settings. 



• 

Turn Off- 



® 

Shut Down. 



& 

Save 




enables replication tor the selected virtual machine 


2. In Before you Begin Page, click Next. 




MCSE Lab Manual 


Page | 421 


www.zoomgroup.com 







ZOOM 


TECH NOLOGIE! 


3. Click Browse. 



4. Enter the server name SYS2, click OK. 



5. Click Next, accept the defaults click Next. 
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6. Click Next. 


Enable Replication for Win ?012 



Configure Recoveiy History 



Before You Begin 
Spedfy Replica server 
Spedfy Connection 
Parameters 

Choose Replication VHDs 


Configure Recovery History 


Choose In Dal Replication 
Method 

summary 


You can choose to store only the latest recovery point of the primal y virtual machine on the 
Replica server or to add additional recovery points, allowing \ou to reaover to an earlier point 
In time. Additional recovery points require more storage and processing resources. 

Spedfy the number of recovery points to save. 

<!' Only the latest recovery point 
C Additional recovery points 

Number of add tonal leooverv points to be stored! ' trR 

AddDonai recovery snapshots are created every hour. Estimated addmonai space required 
on the Repika server for storing these recovery snapshots: 

3.46 GB 

to repi>cate an incremental snapshot using the volume Shadow copy Service (VS5), select 
the fd lowing fher k bo>, and then use the elder to specify the frequency these snapshots 
are taken using appacamm consistent copies Mil impact the performance of applications 
running in the prmary yutual machine when tliese snapshots are taken. 

[ | Replace ‘naeinental VSS anpy every; 

1 four >. Q= i 12 hours 

4 hOU!(s) 


r 

. 



finish 


Cancel 


7. Select Initial Replication Method, click Next. 
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8. Click Finish. 



9. Verify for Sending Initial Replication. 

Hyper -V Manager 




File Action View Help 


> ale] Bis 


35 Hypef-V Manager 
IlSYSI 


Virtual Machines 


Natrte 


State 


Win 201? Running 


CPU Usage Assigned M. 

S3 


UptL. Status 


00 30-26 Sendng Initial PepRc a (M*4) 


Snapshots 


i- i Win 2012 Initial Replica <8/1)2014 4 55 5B PM) 
: IF Now 


Win 2012 


Created: 3/V2014 4 18.52 PM 
Notes: None 


Glistered: No 

Heartbeat: OK (Apple anon 
Healthy) 


Summary Memory [ Networking | Replication 


Actions 


SYS1 

▲ 

A 


New 

► 


A 

Import Virtual- 



£ 

Hyper-V Setti. 



art 

* * 

Virtual Switch _ 



j. 

Virtual SAN M_ 




Edit Disk.. 


= 


Inspect Disk.. 



® 

Stop Service 



X 

Remove Server 



o 

Refresh 




View 

► 


□ 

Help 



Win 2012 

▲ 


4 

Connect.. 



fc 

Settings. 



<9 

Turn Off. 



d 

Shut Down . 



a 

Savf» 


V 



MCSE Lab Manual 


Page | 424 


www.zoomgroup.com 









ZOOM 


.TECHNOLOGIES. 


Verification: 


1. Go to Hyper-V Manger Console, and verify for replicated Virtual Machine. 

2. To Test Failover, right on the virtual machine ->select Replication and click Test Failover. 


Hyper-V Manager 


File Action View Help 

«■*! aGSiHW 



Virtual Machines 

State 


Snapshots 


Win 2012 


CPU Usage Assigned Mem... Uptime Status 


Connect... 

Settings. 

Start 


Snapshot 

Move... 


Export.. 


Rename... 


Delete.. 

ll 

Replication 


Help 



treated: 3/1/2014 4 55:57 PM 
Motrc None 


Failover.. 

Test Failover .. 

Pause Replication 
View Replication Health.. 
Remove Replication 


Clustered: U: 




Suinnun Meffiniy 't-tHnrxrg Peplcaro'. 

Creates a coov of the selected virtual machine to be used tor testino replication tor the selected virtual machine 


Actions 

SYS2 

New 

l* Import Virtual Ma... 
£ Hyper-V Settings.. 

Virtual Switch Ma 
a: Virtual SAN Mana._ 
t*S Edit Disk . 

Inspect Disk. 

@ Stop Service 
A Remove Server 
Cl Refresh 
View 
D Help 
Win 2012 


aj Connect... 

£■ Settings.. 
O Start 
2* Snapshot 
? Move... 

Export. 

«■! Rename... 
» Delete.. 

Replication 
B Help 
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Lab - 71: Installing and Configuring Routing 


Objective: 

To configure software router using Windows Server 2012 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• 2 computer running windows 2012 server with minimum 2 NIC cards. 

• A computer running windows 2012 server web server. 

Topology: 



MICROSOFT.COM 



SYS1 


SYS2 


Domain Controller / DNS Server 

Router- 1 


IP Address 

10.0.0.2 

IP Address 

10.0.0.1, 11.0.0.1 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Gateway 

10.0.0.1 

Gateway 


DNS Server 

10.0.0.2, 12.0.0.2 

DNS Server 

10.0.0.2 

SYS3 


SYS4 


Router - II 


Web server/ 

DNS Server 

IP Address 

11.0.0.2,12.0.0.1 

IP Address 

12.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Gateway 


Gateway 

12.0.0.1 

DNS Server 

12.0.0.2 

DNS Server 

12.0.0.2, 12.0.0.1 


MCSE Lab Manual 


Page | 426 


www.zoomgroup.com 


0 



ZOOM 


.TECHNOLOGIES. 


Assigning the IP Address to Configure Routing 

ON PRIVATE: 

1. Logon to Private. 


R 

Administrator 

iS 

Computer 



Network 

PRIVATE 


B 

Recycle Bin 

w 

Control Parrel 

10.0.0.2 



1 i.3 


* R 0'.' 


2. Check the IP settings: 


Go Server Manager^ Local ServeH>click 10.0.0.2, Right click NIC card ^ click Properties 


Network Connections 



*• ► Control Panel ► Network and Internet ► Network Connections 

o 

> 

| Searc 


Organize * Disable this network device Diagnose this connection Rename this connection 




10 . 0.02 

Microsoft.com 

NVIDIA nforce Networking Contr. . 
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Right click NIC card click Properties -^Internet Protocol Version4 (TCP/IPv4) -^Properties 
Define the IP address as mentioned below. 


Internet Protocol Version 4 (TCP/IPv4) Pro... 

General 


You cor get IP settings assignee outorratically if your network 
supports this capability. Otherwise, you need to ask your network 
administrator for the appropriate IP settings. 


obtain ar IF address automatically 
• j^t^"|StowingFpSress 
F address: 


sgbret mask: 
Default gateway: 


Obtain DNS server address automatically 

• Use the following DNS server addresses 
Preferred DNS server: 


Alternate DNS server: 


Validate settngs upon exit 


10 . 

0 

0 

2 


355 . 

0 

0 

0 


10 . 

0 

0 

1 


10 . 0 . 0 . 2 


Advanced... 


OK 


Cancel 


ON ROUTER 1: 

1. Logon to Routerl 


Administrator 


Q 

Computer 

% 


Network 


Recycle Bin 


ROUTER- 1 


10.0.0.1 11.0.0.1 


Control Panel 


Servsr Manager 

iL 
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2. Check the IP settings: 

Go Server Manager-^ Local Server-^click 10.0.0.1, Right click NIC card -^click Properties 
-^Internet Protocol Version 4 (TCP/IPv4) -^Properties Define the IP address as mentioned 
below. 


Network Connections 


f | *§• ► Control Panel ► Network and Internet ► Network Connections 


Organize ~ 


10.0.0.1 

_ Microsoftcom 2 

D-Link DFE-S20TX PCI Fast Ethem.. 


11.0.0.1 

Unidentified network 

^ NVIDIA nEorce Networking Confer .. 


v | Search Network 


ij- 

tl- 


On ROUTER 2: 


1. Log on to Router2 


Administrator 




Computer 


5 


ROUTER-2 


Recycle Bin 


11.0.0.2 12.0.0.1 


Control Pane 


Strjer l/aruga 


* 
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2. Check the IP settings : 

Go Server Manager-^ Local Server->click 11.0.0.2, Right click NIC card ->click Properties 
-^Internet Protocol Version 4 (TCP/IPv4) ^Properties Define the IP address as mentioned 
below. 


t 


Network Connections 

*£■ ► Control Panel ► Network and Internet ► Network Connections ► 


Organize 



11 . 0 . 0.2 

Unidentified network 

D-Link DFE-520TX PCI Fast Ethem... 


12.0.0.1 

Unidentified network 

NVIDIA nForce Networking Contr.. 




On PUBLIC: 

1. Logon to Public 


R 

Administrator 

Q 

Computer 



Network 

PUBLIC 


V 

Retycle Bin 

m 

Control Panel 

12.0.0.2 



Sb .."4 


* ^ O ' 
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2. Check the IP settings : 


Go Server Manager Local Server click 12.0.0.2, 


Network Connections 




'«*• ► Control Panel ► Network and Internet ► Network Connections 

O 

> 



Organize- Disable this network device Diagnose this connection 



12.0.0.2 

Enabled 

NVIDIA nForce Networking Contr... 


Rename this connection 


3. Right click on NIC card click Properties -^Internet Protocol Version 4 (TCP/IPv4) 
-> Properties *■> Define the IP address as mentioned below. 


Internet Protocol Version 4 (TCP/IPv4) Pro... 



General 

You ran get IP settings assigned automatically f your network 
supports this capability. Otherwise, you need to ask your network 
administrator for the appropriate IP settings. 


Q Obtain an IP address automatically 
• Use the following P address 
jp address: 

Subnet mask: 

Default gateway: 


12 

0 

0 

2 


255 

0 

0 

0 


12 . 

0 

0 

1 


Obtain DNS server address automatically 


• Use the following DNS server addresses 


Preferred DNS server: 

12 . 0 . 0 . 2 


Alternate DNS server: 




0 validate settings upon exit 


Advanced.. 


QIC [ Cancel 


0 
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Installing Routing Service on Routerl & Router2 

SYS2- CONFIGURATION 

1. Click Server Manager 


Administrator 


*3 

Computer 


Network 

ROUTER-1 

V 

Recycle Bin 

10.0.0.1 11.0.0.1 

w 

Control Panel 





£3 


2. Select Add roles and features. 


r* 


Server Manager | — ® 

X 


4 * Dashboard 

» (5) | Manage Tools View 

tetp 


iss Dashboard 


WELCOME TO SERVER MANAGER 


| Local Server 
ii Ail Servers 

iS File and Storage Services > 


QIJICK START 

O Configure this local server 

WHAT'S NEW 

i 2 Add roles and features 

3 Add other servers to manage 

4 Create a server group 

Hide 

LEARN MORE 


ROLES AND SERVER GROUPS 

Roles: 1 | Server groups: 1 | Servers total: 1 


File and Storage 1 


| Local Server 1 

k Services 



© Manageability 


(♦) Manageability 
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3. In Before you begin page, click Next. 


Add Roles and Features Wizard 


|- fl J 


Before you begin 


DESTINATION SERVER 
SVS2 Mcrosoftcom 


Before Ifou Begin 


Instei ati or Type 
Server Seectior 


This wizard helps you install roles role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles, role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

• The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard complete the steps, and then run the wizard again. 

To continue, click Next 


□ Skip this page by default 


| < Previous f Next > ; Install | Cancel 

4. Select Role-based or feature-based installation ->click Next 


Add Roles and Features Wizard 


- a 


X 


Select installation type 


OCSTINATION SERVER 
SrS2JjScrovoft.com 


Be ’ore Vbu Begin 


Installation Type 


Server Selection 


Select the installation type You can install roles and features on a running physical computer or virtual 
machine, or on an offline virtual hard disk [VHD). 

• Role-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine-based or session-based desktop deployment. 


< Previous 


Next > 


1 


Install 


Cancel 
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5. Select a server (SYS2.Microsoft.com) from the server pool and click Next. 


Add Roles and Features Wizard 


L-MJ 


Select destination server 


DESTINATION SERVER 
SrS2McrosofUoim 


Before von Begir 
Installation Type 


Server Selection 


Server Roles 
Features 


Select a servei or a virtual hard disk on which to install roles and features. 

• Select a server from the server pool 
O Select a virtual hard disk 

Serve r Pool 

Filter 

| Name IP Address Operating System 


SYSP.MkTOSoft.com 1C 0 0 ?. 1 1 0 0 1 Microsoft Window; Server P01P Standard EygjUgjjon 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly added servers 
from which data collection is still incomplete are not shown. 


| < Previous | [ Next > !j Install | Cancel 

6. In select server roles, check the box Remote Access. 


rL 


Add Roles and Features Wizard 


-OX 


Select server roles 


DESTINATION SERVER 
SVS2Jvtiaosottxom 


Before fou Begir 
Insulation T ype 
Server Se eerier 


Server Roles 


Features 
Remote Access 
Role Services 
Web Server Roe (US) 
Role Services 
Confirmation 


Select one or more roles to install on the selected server. 

Roles 


□ Active Directory Lightweight Directory Services 

□ Active Directory Rights Management Services 
f~l Application Server 

□ DHCP Server 

□ DNS Server 

□ Fax Server 

t> ✓] pde And Storage Services (installed) 

□ Hyper-V 

l~l Network Policy and Access Services 

□ Print and Document Services 

n Remote Desktop Services 
|~| Volume Activation Services 
[3 Web Server (IIS) 

~ | Windows Deployment Services 
[~| Windows Server Update Services 


Description 

Remote Access provides Seamless 
Connectivity, Always On and Always 
Managed experience based on 
DirectAccess. RAS provides traditional 
VPN services including site-to-site 
({branch office or doud) connectivity. 
Routing provides tiaditional routing 
capabilities including NAT, and other 
connectivity options. 


< Previous 


Next > 


Install 


Cancel 
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7. Click Add Features, to install the required features for Remote Access. Click Next. 


Add Roles and Features Wizard 


Add features that are required for Remote Access? 

You cannot install Remote Access unless the following role services 
or features are also installed. 


Remote Server Administration Tools 
a Role Administration Tools 

* Remote Access Management Tools 

[Tools] Remote Access GUI and Command-Line Too 
[Tools] Remote Access module for Windows Powers 
Web Server (IIS) 

* Management Tools 

[Tools] IIS Management Console 

in | I > 


@ Include management tools Of applicable) 


l 

Add Features 


Cancel 


8. In Select features wizard, click Next. 


Add Roles and Features Wizard 


I I — 


Select features 


(DESTINATION SERVER 
SVS2Mcrosoftcom 


Before >bu Eegir 
Installation Type 
Server Seecticr 
Server Roles 


Features 


Remote Access 
Role Services 
Web Server Roe (IIS) 
Role Services 
Confirmation 


Select one or more features to install on the selected server 


Features 


i i tmnuvwi rctrciLW-K rvi woiutri 
H] Windows Identity Foundation 3.5 
</l Windows Internal Database (Installed) 

> [1] Windows PowerSheii [Installed) 

> 1] Windows Process Activation Service (Installed) 
l~l Windows Search Service 

r~) Windows Server Backup 
l~l Windows Server Migration Tools 
| Windows Startdaids- Based Storage Management 

□ Windows System Resource Manager (Deprecated) 
I | Windows TIFT IFilter 

□ WinRM IIS Extension 
I I WINS Server 

□ Wireless LAN Service 
[✓I WoW64 Support (Installed) 

□ XPS Viewer 


Description 

.NET Framework 3.5 combines the 
power of the NET Framework 2.0 APIs 
with new technologies for building 
applications that offer appealing user 
interlaces, protect your customers' 
personal identity information, enable 
seamless and secure communication, 
and provide the ability to model a 
range ot business processes 


< Previous | | Next > 


Cancel 
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9. In Remote Access Page, click Next. 




Add Roles and Features Wizard 


- O 


x 


Remote Access 


DESTINATION SERVER 
SY*S2 K%crosoftcom 


Before Vbu Begin 
Instei ation Type 
Server Se lection 
Server Roles 
Features 


Remote Access 


Role Services 
Web Server Role (IIS) 
Role Services 
Confirmation 


Remote Access combines DirectAccess and RRAS VPN into a single management console. 

Deploy DirectAccess to allow managed domain joined computers to connect to the internet 
corporate network as DirectAccess clients. Connectivity is seamless and transparent and is 
available any time client computers are located on the Internet. DirectAccess administrators 
can remotely manage clients, ensuring that mobile computers are kept up-to-date with 
security updates and corporate compliance requirements. 

Deploy VPN to allow client computers running operating systems not supported by 
DirectAccess, or configured in a workgroup, to remotely access corporate networks over a VPN 
connection. 

Configure RRAS routing features using the Routing and Remote Access console. 


10. Check the box Routing, click Next. 


< Previous | |' Next i 


: 


Install 


Cancel 


5b 


Add Roles and Features Wizard 


- a x 


Select role services 


DESTINATION SERVER 
SVS2iWaosoftcom 


Befiore Vou Begr 
Installation Type 
Server Seecticn 
Server Roles 
Features 
Remote Access 


Role Services 


Web Server Roe (US) 
Role Services 
Confirmation 


Select the role services to install foi Remote Access 

Description 

Routing provides support for NAT 
Routers, LAN Routers running RIP, and 
multicast capable routers (IGMP Proxy). 


Role services 

3 DirectAccess and VPN (RAS) 

r^i 


< Previous 


Next > 


Install | Cancel 
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11. In Web Server Role (IIS) Page, click Next. 


Add Roles and Features Wizard 


- a 


X 


Web Server Role (IIS) 


DESTINATION SERVER 
SVS2 Jw%crosoftcom 


Before you Eegir 
Instei at; or Type 
Server Selection 


Web servers are computers that let you share information over the Internet, or through intranets and 
extranets. The Web Server role includes Internet Information Services (IIS) 8.0 with enhanced security, 
diagnostic and administration a unified Web platform that integrates IIS 8.0. ASP NET, and Windows 
Communication Foundation. 


Server Roles 
Features 
Remote Access 
Role Services 


Web Server Role (IIS) 


Role Services 
Confirmation 


Things to noter 

• Using Windows System Resource Manager (WSRM) can help ensure equitable servicing of 
Web server traffic, especially when there are multiple roles on this computer. 

• The default installation fot the Web Server (IIS) role includes the installation of role services 
that enable you to serve static content, make minor customizations (such as default 
documents and HTTP errors), monitor and log server activity, and configure static content 
compression. 


More information about Web Server IIS 


| < Previous | [ Next > ; Install | Cancel 

12. Check the box Restart the destination server automatically if required. Click Install. 




Add Roles and Features Wizard 


-ex 


Confirm installation selections 


DESTINATION SERVER 

SVS2JAaosoftcom 


Before you Begr 
Insulation Type 
Server Seecncc 
Server Roles 
Features 
Remote Access 
Role Services 
Web Server Roe (US) 
Role Services 


Confirmation 


To install the following roles, role services, or features on selected server, dick Install. 

0 Restart the destination server automatically if required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selected automatically. If you do not want to install these optional features, dick Previous to dear their check 
boxes. 


Remote Access 

3 

DirectAccess and VPN (RAS) 


Routing 

5 

Remote Server Administration Tools 


Role Administration Tools 


Remote Access Management Tools 


Remote Access GUI and Command-Line Tools 


Remote Access module for Windows PowerShell 


Web Server (IIS) 


Mana dement Tools 

V 


Export configuration settings 
Specify an alternate source path 


< Previous | 

Next > 

Install 

Cancel 
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13. Click Close. 


Add Roles and Features Wizard 


- O 


X 


Installation progress 


DESTINATION SERVER 
SVS2MicrosofUom 


View installation progress 
Q Feature installation 


Configuration required Installation succeeded on SYS? Miciosoft.com. 


Results 


Remote Access 

DirectAccess and VPN (RAS) 

Configure the role 

Open the Getting Started Wizard 

Routing 

Remote Server Administration Tools 
Role Administration Tools 

Remote Access Management Tools 

Remote Access GUI and Command-Line Tools 
Remote Access module for Windows PowerShell 


You can close this wizard without interrupting running tasks. View task progress or open 
this page again by clicking Notifications in the command bar, and then Task Details. 

Export configuration settings 


previous 


Close 


Cancel 


Note : Repeat the process of LAB2 on Router-2 (SYS3) also. 
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Enabling Routing on Routerl & Router2 

SYS2- CONFIGURATION 

1. Go to Start, select Routing and Remote Access. 


Start 


Administrator 



2. Right click on system name Configure and Enable Routing and Remote Access. 


3 

File Action View Help 

X li 

X Routing and Remote Acc [” 
i| Sewer Status 


Routing and Remote Access 


-l«l 


SYS 2 itocati | Welcome to Routing and Remote Access 

Configure and Enable Routing and Remote Access remote access to private networks. 

the folowng; 

All Tasks t"" 0 * 5 ’ 

View » 

Delete 
Refresh 
Piopetlies 
help 


IW1 'truer envnrwtMtt ix/vu 

trouDieshooting. see Heto 


on the Action menu, ckck Add Server 

v ^.. .y uk ..w^ig and Remote Access server, deployment scenarios, and 


< ■ w ] >| 

Configures Routing and Remote Access lot the selected server 
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3. Click Next 



4. Select Custom configuration ->click Next. 



5. Select LAN routing “^Next 

Routing and Remote Access Server Setup Wizard 

Custom Configuiation 

When this wizard closes, you can con* gtne 'he selected services in the Routing and Remote 

I Access console 

Select the services that you want to enable on this server 
I - VPN access 
r~ Qts * 1 up access 

I - Demand dial connectors ( used lor branch office routrrg ) 
r NAT 
|T Du\i jo-iing! 


T or rno-e n‘otr-,anon 


<QacK 


£lext> 


Cancel 


0 


0 
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6. Click Finish 


Routing and Remote Access Server Setup Wizard 



Completing the Routing and Remote Access Server 
Setup Wizard 

You have successfully completed Ihe Routing and Remote 
Access Server Setup wizard. 

Summary of selections' 



After you close this wizard, configure the selected services in the 
Routing and Remote Access console. 

To close this wizard, click Finish. 


< Back 

| Finish 


Cancel 


7. Click Start service 


Routing and Remote Access 

Start the service 

The Routing and Remote Access service is ready to use 


Start service 


Cancel 


Note : Repeat the process of LAB3 on Router-2 (SYS3) also. 
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Configuring Static Routes 

SYS2- CONFIGURATION 

ON ROUTER 1: 

1. Go to Routing and Remote access Expand System name Expand IPv4->Select Static 
Routes - ^ Right click and select New Static Route 


Routing and Remote Access 


File Action View Help 


Static Routes 


+ +I m\M a al 0 3 

JL Routing and Remote Acc 

QJ Server Status Destination 

■< g)SYS2 (local) 

5 Network Interlaces 
J Remote Access Log 
•< 5 IPv4 

H. General 

Static Routes .. 

t 3 IPv6 New Static Route... 

Show IP Routing Table- 

View 

Refresh 

Export List.. 

Help 


Network mas* Gateway Interface 

There are no items to show in this view. 


<| in [ I < f 

Create New Static Route 


2. Define the static route as mentioned below click OK. 
Interface 11.0.0.1 

Destination 12.0.0.0 

Network Mask 255.0.0.0 
Gateway 11.0.0.2 

Metric 256 


IPv4 Static Route 


? x 


interface 

11.0.0.1 




Qeslnabori 

12 

0 

0 

0 

Network mask. 

255 

0 

0 

0 

Gateway 

11 

0 

0 

2 

Melnc 

2S6 

-H 




"0 


p" Use this route in ir rio*e demand c 


= cr~tr>rt- -V -nrti.- - 


OK 


Cancel 
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SYS3- CONFIGURATION 
ON ROUTER 2: 

1. Go to Routing and Remote access -^Expand System name -^Expand IPv4 -^Select Static 
Routes-^ Right click and select New Static Route 


■E Routing and Remote Access — ' O x 

File Action View Help 

4» «*! a eJ Da 



2. Define the static route as mentioned below -^click OK. 


Interface 11.0.0.2 

Destination 10.0.0.0 

Network Mask 255.0.0.0 

Gateway 11.0.0.1 


Metric 256 
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Verification: 
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1. Check the connectivity between 10.0.0.0 and 12.0.0.0 Networks. 

2. Log on to SYS4(12.0.0.2)-^open command prompt, Ping 10.0.0.2 -t and verify for reply 

3. Log on to SYS1 (10.0.0.2)->0pen the Internet Explorer and access the website 
http://www.whatismyip.com (Website is present on 12.0.0.2), to verify the communication 
between both networks. 



J http//www whatismyipcom/ 


P 2 ->| £ My WAN IP - IP... x 


Detect your dynamic ip address - WAN 
address detection by mywanip.com 


Download MyWANIP 


Scan your web ports 


Get a FREE web domain] 


You^urrenUnterne^WAN^P^ 


10 . 0 . 0.2 


Add to Favorites Show Advanced details 

^re^ownloa^^lwa^^no^^oui^ru^^ddress^ 

If you want to run a game server, test a Webserver, FTP, remote access, Bittorrent 
tracker, or other server applications, you must know your Internet IP address so yoir 
friends know where to connect to. To keep track, you can always revisit this page, OR 
download myWANIp to your desktop and my WAN Ip Is always available In the Windows 
system tray I MyWANiP is fast, uses very little memory, and contains NO nasty spy or 

adware. 


Click here To download MvWANIP for Windows. 

^Js^TamewTO^rnjmber^je^oui^RE^D0MA|hU1AME^ 

Want an even easier method for tracking your Internet IP address? TZO Dynamic DNS 
service gives you a domain that works from anywhere on the Internet! You can choose 
from inexpensive yourname.tzo.com domains, or even run your own domain or a 


0 
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Lab - 72: Configuring Network Address Translation 


Objective: 


To configure NAT to translate private IP addresses to public IP addresses and vice versa 


Prerequisites: 

Before working on this lab, you must have 



A computer running windows 2012 server Domain Controller. 

2 computer running windows 2012 server with minimum 2 NIC cards 
A computer running windows 2012 server web server. jr 


Topology 


MICROSOFT.COM 


Domain Controller / DNS Server 

IP Address 10.0.0.2 


Router - 1 


IP Address 



Ui 






cr " 0 



V 

h i 




Subnet Mask 
Gateway 
DNS Server 


255.0. 0.0 

10.0. 0.1 

10.0.0.2, 12.0.0.2 


Subnet Mask 255.0.0.0 

Gateway 

DNS Server 10.0.0.2 


SYS3 


SYS4 


Router - II 

IP Address 11.0.0.2,12.0.0.1 

Subnet Mask 255.0.0.0 

Gateway 

DNS Server 12.0.0.2 


Web server / DNS Server 

IP Address 12.0.0.2 

Subnet Mask 255.0.0.0 

Gateway 12.0.0.1 

DNS Server 12.0.0.2, 12.0.0.1 


MCSE Lab Manual 


Page | 445 


www.zoomgroup.com 


0 




SYS2- CONFIGURATION 
On ROUTER1 : 

1. Go to Routing and Remote access -^Expand System name Expand IPv4 

2. Right click on General -^Select New Routing Protocol 

5 Routing and Remote Access — O x 

File Action View Help 
* «* * r| □ a - Q ' 



3. Select NAT click OK 

4. Right click on NAT -^Select New interface 

3E Routing and Remote Access — O x 

File Action View Help 
«•* ft T X 3_*Th - 
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5. Select LAN interface click OK 


New Interface for IPNAT 

This routing protocol runs on the interface that you select below. 
Interfaces: 




10001 


5 * 11 . 0 . 0.1 

5* Interna I 


OK 


Cancel 


6. Select Private Interface Click OK. 


Network Address Translation Properties - 10.0.0.1 ... |_j. 


NAT 

Interface Type: 

(• Private interface connected to private network 
C Public interface connected to the Internet 

| Enable NAT on this interface 

NAT enables clients on this network to send data to and receive data 
from the Internet using this interface. 


For more information 


OK 


Cancel 


Apply 
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7. Again Right click on NAT -^Select New interface 


Jt Routing and Remote Access | — fil x 

File Action View Help 

«.* xu a * □ ts 



8. Select WAN Interface (11.0.0.1)^ click OK 


9. Select Public interface. Select Enable NAT ->click OK. 


Network Address Translation Properties - 1 1 .0.0.1 ... ■ 


NAT Address Pool Services and Ports 


Interface Type: 

C Private interface connected to private network 


(• Public interface connected to the Internet 
Enable NAT on this interface: 

NAT enables clients on this network to send data to and receive data 
from the Internet using this interface. 


For more information 


OK 


Cancel 


Apply 
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Verification: 

Before NAT: 

On Private->Open Internet Explorer & access http://www.whatismvip.com the IP address is 
shown as 10.0.0.2 Private IP. 




)J hnp://wwwwfiatismyip com/ 

p v a -» | £ My WAN IP - IP ... X 


Detect your dynamic ip address - WAN 
address detection by mywanip.com 


Downloa d MyWANiP Scan wur vmh porn Got a FREE web domain! 


Your Current Internet (WAN) IP: 


10.0.0.2 

Add to Favorite* Show Advanced detalk 

Free download - always know your true IP address! 

If you want to run a game server , test a Webserver, FTP, remote access, Blttorrent 
tracker, or other server applications, you must know your Internet P address so your 
friends know where to connect to. To keep track, you can always revisit this page, OR 
download myWANIp to your desktop and myWANIp Is always available in the Windows 
system tray! MyWANiP Is fast, uses very little memory, and contains NO nasty spy or 

adware. 


X 


A 


Click her* To download MyWANiP for Windows. 

JJs^iamewTo^nimber^jje^oui^RE^DOMAIJOIAME^ 

Want an even easier method for tracking your Internet IP address? TZO Dynamic DNS 
service gives you a domain that works from anywhere on the Intemetl You can choose y 

from inexpensive yourname.tzo.com domains, or even run your own domain or a 

After NAT 

On Private->Open Internet Explorer & access http://www.whatismvip.com the IP address is 


shown as 11.0.0.1 Public IP. 



Detect your dynamic ip address - WAN 
address detection by mywanip.com 


Download MyWANiP | Scan your web ports Get a FREE web domain! 

Your Current Internet (WAN) IP: 


11.0.0.1 

Add to Favorites Show Advanced detalk 

^^^£own|oac^^lwa^^sno^^ou^Rj^F^ddress^ 

If you want to run a game server, test a Webserver, FTP, remote access, Blttorrent 
tracker, or other server applications, you must know your Internet IP address so yoir 
friends know where to connect to. To keep track, you can always revisit this page, OR 
download myWANIp to your desktop and myWANIp Is always available In the Windows 
system tray! MyWANiP is fast, uses very little memory, and contains NO nasty spy or 

adware. 

Click here To download MyWANiP for Windows. 

Use names not numbers • get your FREE DOMAIN NAME! 

Want an even easier method for tracking your Internet IP address? TZO Dynamic DNS 
service gives you a domain that works from anywhere on the Internet! You can choose 
from inexpensive yourname.tzo.com domains, or even run your own domain or a 
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Lab - 73: Configuring DHCP Relay Agent 


Objective: 


To assign IP addresses to clients in another network using a DHCP relay agent 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• 2 computer running windows 2012 server with minimum 2 NIC cards. 

• A computer running windows 2012 server web server. 

Topology: 



MICROSOFT.COM 

SYS1 

Domain Controller / DNS Server 


IP Address 
Subnet Mask 
Gateway 
DNS Server 

SYS3 

Router - II 

IP Address 
Subnet Mask 
Gateway 
DNS Server 


10.0.0.2 

255.0. 0.0 

10.0. 0.1 

10.0.0.2, 12.0.0.2 


11.0.0.2,12.0.0.1 

255.0.0.0 



V r 


-1 



10.0.0.1, 11.0.0.1 


12.0.0.2 


SYS2 
Router - 1 

IP Address 
Subnet Mask 255.0.0.0 

Gateway 

DNS Server 10.0.0.2 

SYS4 

Web server / DNS Server 

IP Address 12.0.0.2 

Subnet Mask 255.0.0.0 

Gateway 12.0.0.1 

DNS Server 12.0.0.2, 12.0.0.1 
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SYS1-C0NFIGURATI0N 

Note : Install DHCP service and create a scope with 12.0.0.10 to 12.0.0.100 with the router IP as 
12.0.0.1. 

On Router2 


SYS3-CONFIGURATION 

1. Go to Routing and Remote Access -> Expand System name -> Expand IPv4 

2. Right click General Select New Routing Protocol 

3. Select DHCP Relay Agent -> click OK. 



4. Right click on DHCP Relay Agent, Select New Interface. 


H RovtinQ and Remote Access • * 

File Action View Help 

♦ Hn 


Jl Routing and Remote Access 

DHCP Relay Agent 

JJ Server Status 


- &SYSJ (local) 

There are no items to show in this view 

I \ptworn Interfaces 


J Remote Access logging & Poiw 


- I IPv4 


JL General 


J[ Static Routes 


3 DHCP Rday Agent 


p I IPv6 


< fp "*""" .Jfc. ' " ■ *1 > , 
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5. Select 12.0.0.1 Interface -^click OK ->and click OK. 



6. Right click on DHCP Relay Agent Properties Enter the IP Address of DHCP Server 
(10.0.0.2)-> click Add -^Apply and OK 



Verification: 

SYS4-CONFIGURATION 

1. Log on as Administrator to DHCP Client (SYS4) and set the IP address to obtain the IP address 
automatically. 

2. Start Run ->Cmd -^Ipconfig /release. 

3. Type Ipconfig /renew. 

4. An IP address will be assigned by DHCP server. 

5. Check the IP Address by typing Ipconfig /all. 
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Lab - 74: Configuring Remote Access Services (RAS) 


Objective: 


To allow remote users to connect to the corporate office LAN via VPN 


Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 



• A member server with minimum 2 NIC cards. 

• A computer running windows 2012 server or windows 7. 


MICROSOFT.COM 

SYS1 

Domain Controller / DNS Server 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.2 


SYS2 

RAS Server / VPN Server 

IP Address 10.0.0.1, 11.0.0.1 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.2 


SYS3 

VPN Client 


IP Address 11.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 11.0.0.1 


MCSE Lab Manual 


Page | 453 


www.zoomgroup.com 


0 



ZOOM 


TECH NOLOGIES. 


Configuring VPN Server 

SYS2- CONFIGURATION 

1. Go to Start, select Routing and Remote Access. 


Start 


Administrator 


k 

T 

a 

% 

% 


Widows 

PowcfSbcl 

Aum r tvuat%* 

Took 

lokrntt 

IrtfofmftbOfV. 

NHWotk Pul*/ 
Scrv*f 

m 

f* 


* 

e e 

Task Mar-riyrt 

Control PanH 


kencte Aaeu 

Routnq jrxj 

Rmotr Acchi 


£ 



DrAtup 


2. Right click on system name Configure and Enable Routing and Remote Access. 


Routing and Remote Access 


j OE 


File Action View Help 

r. t| x ] la B ite 


3 Routine and Remote Ace 

SYS2 (local) | 

3 Server Status 
t*> SYS2 (local) 

Welcome to Routing and Remote Access 

Configure and Enable Routing and Remote Access 

remote access to private networks. 

Disable Routing and Remote Access 

All Tasks ► 1 

the following: 

etmoi ks 

View 

Delete 

Refresh 

k 


Ptoperties 


Help 

on the Action menu, ctck Add Server. 

tg and Remote Access server, deployment scenarios, and 


1 VI MIV W II M Wl 1 1 <W LIWI ■ tH/VUl UV.UUI 1 If U y IWUUI 

troubleshooting, see Help. 

< f IM > 



Configures Routing and Remote Access for the selected server 
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3. In Welcome wizard, click Next 



Routing and Remote Access Server Setup Wizard 


Welcome to the Routing and Remote Access 
Server Setup Wizard 

This wizard helps you set up your server so that you can 
connect to other networks and allow connections from 
remote clients. 

To continue, click Next 



Cancel 


4. Select Virtual private network (VPN) access and NAT -►click Next. 


Routing and Remote Access Server Setup Wizard 


Configuration 

You can enable any of the following combinations of services, or you can 
customize this server. 


Remote access (dial-up or VPN) 

Alow remote clients to connect to this serverthrough either a dial-up connection or a 
secure virtual private network (VPN) Internet connection. 

Network address translation (NAT) 

Allow internal clients to connect to the Internet using one public IP address, 



Allow remote clients to connect to this serverthrough the Internet and local clients to 
connect to the Internet using a single public IP address 


■' Secure connection between two private networks 

Connect this network to a remote network, such as a branch office 


C Custom configuration 

Select any combination of the features available in Routing and Remote Access. 


For more information 


< Back 

Next > 


Cancel 
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5. Select Public interface (Ex: 11.0.0.1) click Next. 


Routing and Remote Access Server Setup Wizard 

VPN Connection 

To enable VPN clients to connect to this server, ait least one network interface 
must be connected to the Internet. 


Select the network interface that connects this server to the Internet. 


Network interfaces: 


Name 

Description 

IP Address 

J 

1 10 00.1 

D-Link DFE-520TXPCI 

10.0.0.1 


1110001 

NVIDIA nForce Network . 

1100.1 




For more information about network interfaces . 

For more information about packet filtering . 


< Back 


Next > 


Cancel 


6 . 


Select From a specified range of address 


(if DHCP is not configured in the private network. 


select automatically if DHCP is configured), click Next. 


Routing and Remote Access Server Setup Wizard 


IP Address Assignment 

You can select the method for assigning IP addresses to remote clients 


How do you want IP addresses to be assigned to remote clients? 

Automatically 

If you use a DHCP server to assign addresses, confirm that it is configured property. 
If you do not use a DHCP server, this server will generate the addresses 

£nom a specified range of addresses; 


For more information 


< Back 

Next > 


Cancel 
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7. Enter the IP Address range to be leased to VPN Clients (Ex: 10.0.0.100 to 10.0.0.200), click OK. 



8. Select No, use Routing and Remote Access to authenticate connection requests (if VPN Server 
is Member Server), click Next. 

Routing and Remote Access Server Setup Wizard 

Managing Multiple Remote Access Servers 

Connection requests can be authenticated locally or forwarded to a Remote 
Authentication Dial-In User Service (RADIUS) server for authentication. 

Although Routing and Remote Access can authenticate connection requests, large 
networks that indude multiple remote access servers often use a RADIUS server for 
central authentication. 

If you are using a RADIUS server on your network, you can set up this server to forward 
authentication requests to the RADIUS server 

Do you want to set up this server to work with a RADIUS server? 



C Yes. set up this server to work with a RADIUS server 



For more information 


< Back Next > Cancel 
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9. Click Finish 


Routing and Remote Access Server Setup Wizard 


Completing the Routing and Remote Access 

Server Setup Wizard 

You have successfully completed the Routing and Remote 
Access Server Setup Wizard 

Summary; 

VPN clients (connect to the following public interface: a 
11 . 0 . 0 . 0.1 = 

RAS and VPN clients are assigned the following 
network for addressing: 10.0.0.1. 

Qient connections are accepted and authenticated v 

Before clients can connect, user accounts must be added 
locally or through Active Directory. For more information about 
user accounts, see Routine and Remote Access Help . 

To close this wizard, click Finish. 


< Back 

Finish 

' — 


Cancel 


10. Click Start service 


Routing and Remote Access 

Start the service 

The Routing and Remote Access service is ready to use. 


Start service 


Cancel 



MCSE Lab Manual 


Page | 458 


www.zoomgroup.com 





Establishing VPN Connections 

SYS3- CONFIGURATION 

1. Log on to RAS Client (SYS3), Right click on Network icon Properties. 


Adminisl- 


Computer 


Recycle 

Bin 



Open 

Pin to Start 
Map network dive . 
Disconnect network drive.. 
Create shortcut 
Delete 
Properties 


Network - 
Shortcut 


Windows Server 2012 


2. 


Select Set up a Connection or network 


V Network and Shanng Center 

= 1*1 * 

t * ► Control Panel » Network and Internet * Network and Sharing Center 

v C Search Control Panel P 


Centro Pard Heme 

Change adapter settings 

Change advanced shanng 
settings 


View your basic network information and set up connections 

View your active networks 


Unidentified network 

Public network 


Access ty pe No Internet access 
Connection*: ^ if tnH. 


Change your nehworVing settings 

t.»l ■. a m/ , till-. 11 ^ % 

Set up i broadband, dial-up, or li'PN connection; or *et up a rculer or scce** point. 

12 Troubled oct problem* 

Diagno** and repair networt problem*, or get tiou birth ootmg information. 


Sec also 

internet Options 

Window* f a errs II 
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3. Connect to a workplace click Next. 


X 


^ Set Up a Connection or Network 


Choose a connection option 



Conned to the Internet 

Setup a broadband or dial-up connection to the Internet. 


C onned to a workplace 

Set up a dial-up or VPN connection to your workplace 


Next 


Cancel 


4. Select Use my Internet connection (VPN) click Next. 



x 


if: Connect to a Workplace 

How do you want to connect? 


i ♦ Use my internet connection (VPN) 

Connect using a virtual private network (VPN) connection through the Internet. 






Dial directly 

Connect directly to a phone number without going through the Internet. 



Cancel 
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5. Select Use this Connection click Next. 



al Connect to a Workplace 

Do you want to set up an Internet connection before continuing? 

An Internet connection is necessary for using a VPN connection. 

+ Set up an Internet connection 

r 

i «► I’ll set up an Internet connection later 


Cancel 

6. Mention the IP Address of VPN Server click Next 



Connect to a Workplace 


Type the Internet address to connect to 


Your network administrator can give you this address. 


Internet address: 


11.0.0.1 


Destination name: 


VPN Connection 


I I Use a smart card 
0 Remember my credentials 

Q] Allow other people to use this co nn ection 

This option a llows anyone with a ccess to this computer to use thi s connection. 


i £reate 


Cancel 
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7. Click VPN Connection click Connect. 


Control Hon’# 


Network and Scaring Center 

t v * Control Panel » Network and Internet * Network and Sharing Center 

View your basic network information and set up connections 

View your active network* 


Change adapter vert mgv 

Change Ktv#K«l tkang 
letrngi 


Unidentified ndwoik 

?ubhc network 


A«oj type; No Intcrrfl 
Connections (| Ethernet I 


Chan je your network^ settings 

%■ Set up a new connected or retwoik 

Sot up a hreadbmd, dial-up, or '/PN rt«n«tirn' or rot up a rout or or kcki 

Troubleshoot ptotolcrm 

Diagnoie and r«p»r network pro Manx, or gat tvoubtahcctng information 


Networks 


Connections 


Untdentified network 


VPN Connection 


Limited 

020 


Connect 


See the 

irtcmei Options 
Aindcw) Frcvkoll 


8. Enter Network Authentication, (Ex: Administrator(5)microsoft.com ) and Password click OK. 


V 


Control Pan#i Horn# 


Network and faring Center 

Control Panr * Network ar*d Internet » Network and Sharing Centrr 

View your basic network information and set up connections 

Vievr rour active net av I v 



Networks 


Change adapter settogi 

Change advanced »hamg Unidentified network 

Pubkc network 



than)! your natworlong taftirgc 

Set up a new conneeton orngtwoik 

Set up i txcaabsnd dial up, or /PN connection: or jet uo a router or access 


0 


Troubleshoot problems 

Ciegrcve and epor network problems c» gel troublethccCng information 


Network Authentication 




Domain: mrc rose ft.com 


rtemet Options 
Aindcwi Fkcwall 
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9. Connection is created successfully. 


Network and Sharing Center 


t h? * Control Panel ► Network and Internet > Network and Scaring Center 


Control Panel Home 

Change adapter aattiogj 

Change ads anted sharing 
settings 


View your basic network information and set up connections 
Vie/# your active networks 


Unidentified iwrlwock 

Public network 


Acceittype: Nc IntecrJ 

Conner horn: ^ itheir.rt 



Change your networking settings 

Setup a conn eetoon or network 

Set up ■ broadband, dial-up. ot VPN connection; ct up a (outer 01 acccsJ 


Troubleshoot problems 

□wgno5f and repair network problem* or gcttroubl«hoobng information 



See also 

Internet Opto ns 
Windows Firewall 


10. Go to Command prompt & type Ipconfig /all to view the IP Address of the Client computer. 


11. Now try to access the LAN Network. 

12. Go to Start Run type \\LAN computer IP address\Drive$ or Share folder name 
Ex:\\10.0.0.2\c$ 
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Lab - 75: Configuring Remote Desktop Services 


Objective: 

To access a server desktop remotely by enabling remote desktop connections 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A computer running windows 2012 server or windows 7. 

Topology : 




SYS1 

D.C. / Remote Desktop Server 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


SYS2 

Member Server/ Client 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred dns 10.0.0.1 
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SYS1- CONFIGURATION 
1. Select Server Manager 




Administrator 


Computer 


Network 


tf 

Recycle ftn 


Control Panel 


Server Manager 


Remote Desktop 
Server 


2. Select Remote Settings. 


!L 

Server Manager 


-Jo J X I 

©E). 

Server Manager * Local Server 

-®i r 

w 

Manage loots View Help 


IH Dashboard 


| local S<*cver 


■i All Servers 
rgl ADDS 
ti DHCP 
Si DNS 

i| File and Storage Services P 

io ns 


! PROPERTIES 


Computer name 

sysl 

Last installed updates 

Domain 

microsoft com 

Windows Update 



Last checked for updates 

Windows firewall 

Domain; Oft 

Windows Error Reporting 

Remote management 

Enabled 

Customer Experience Imprc 

Remote Desktop 

Fnablgrj 

IE Enhanced Security Confrc 

NIC Teaming 

Disabled 

Time zone 

Ethernet 

10.0.0.1 

Product ID 

Operating system version 

Microsoft Windows Server 2012 Standard Evaluation 

Processors 

Hardware information 

System manufacturer System Product Name 

Installed memory (RAM) 



Total disk space 

<1 

S J 

> 
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4. Check the box "Allow Connections from computers running any version". 




System Properties 

Computer Name j Hardware ' Advanced 


X 


Remote 


Remote Assistance 

□ Allow Remote Assistance connections to this computer 


Advanced 


Remote Desktop 

Choose an option, and then specify who can connect. 

O Don't allow remote connections to this computer 

® ABow remote connections to this computer 

I Allow connections only from computers running Remote 
Desktop with Network Level Authentication (recommended) 


Help me choose 


Select Users 


OK 



Cancel 

Apply 


Go to Terminal Client (SYS2) 

1. Go to Start, Type Remote Desktop Connection in search in Apps, select Remote Desktop 
Connection. 


Apps Results for "remote desktop' 


Remote Desktop 
Connection 


Search 

Apps 


remote desktop! 


77] Apps 

■*. Settings 


Internet Explorer 
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2. Specify the IP Address 10.0.0.1 or computer name of terminal server click Connect. 



3. Specify username as Administrator and type the password. ->click OK 



4. The Administrator will connect to the Terminal Server Remotely. 
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Lab - 76: Hypertext Transfer Protocol Over Secure Socket Layer 


Objective: 

To host HTTPS website using SSL certificate 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller/web server. 

• A computer running windows 2012 server or Windows 7. 

Topology: 




MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller/DNS/Web Server 

Member Server 

/ Client 

IP Address 

10.0.0.1 

IP Address 

10.0.0.2 

Subnet Mask 

255.0.0.0 

Subnet Mask 

255.0.0.0 

Preferred DNS 

10.0.0.1 

Preferred DNS 

10.0.0.1 
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Creating a self signed certificate 

1. Go to Start, select Internet Information Services Manager. 


Start 



Administrator ^ 


T 

Ik ^ 

w 

* s. 

Server Manager 

Windows 

PottCfShell 

AdmimOutive AlIiv* Directory 

Took Users and - 

Actnv Directory 
Module for- 

File Server 

Resource- DHCP 

Q 

* 

if 

m 

% 

Computer 

Ta:k Manager 

Act we Directory 
Sites and. 

Active Directory 
Domains and- 

Internet. 

infer motion.- 

W 

0 

■ 

R 


Centre! Panel 

Internet Explorer 

Active Directory 
Administrate.. 

ADSI Edit 




fi 

• 

■ 


Desktop 

n— »■ 

Group Poi.y 
Management 

DNS 








2. Select the system name (Ex: SYS1), and select ServerCertificates. 



File View Help 


Connections 





Actions 







«,• bi 

dtdi nome 




Open Feature 

-•a Start Page 

Filter 


&> Show AH Group by 

Manage Server 

a-«| 5Y51 (MICROSOFT\Administrator) 





■ 

Restart 

: Application Pools 

IIS 




► 


t-fiS Sites 

A 


© 

<3 

A\ 

Stop 


Authemica... 

Compressi. 

Default 

Directory 

Error Pages 

View Application Pools 




Document 

Browsing 


View Sites 







Get New Web Platform 


4*1 

r> 

4 * 


Q 

0 

Components 


Handler 

HTTP 

Hnp 

LoQQinq 

MIME Types ■© Help 


Mappings 

Redirect 

Respon. 



Online Help 


41 

JK 

E 

(5* | 

.3 



Modules 

Output 

Request 

Server 

Worker 




Caching 

Filtering 

Certificates! 

Processes 



Management 



A 



H 


m 





Configura .. 

Feature 

Shared 





Fditor 

Delegation 

Configure.. 




rn i« i > 

Features View Content View 





Ready '•J 
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In Server Certificates, click Create Self-Signed Certificate, from Actions pane. 


Internet Information Services (IIS) Manager - 0|x 

® O 

*3 ► SYS1 * 

uj ’.| tu - 


£ile View Help 


Connections 

w* U bi 

: % Start Page 

* S SYS1 (M(CROSOFT\Adminisbatof) 
Q Application Pools 
■ Sites 


Server Certificates 


Use this Feature to request and manage certificates that the Web 
server can use with websites configured for SSI. 


< ; 


Ready 


Filter 

Name 


' Go • Show All | Group by. 


Issued to 


Issued By 


Features View l Content View 


Actions 

Import- 

Create Certificate Request- 

Complete Certificate 
Request- 

Create Domain Certificate. 


Create Self-Signed 
Cfflljcdte- j 


9 Help 
Online Help 


*1 


Mention the Certificate name (Ex: SYSl.Microsoft.com), select Web Hosting. 


Create Self Signed Certificate 


? x 


1 1 Specify Friendly Name 


Specify a file name for the certificate request. This information can be 
sent to a certificate authority for signing: 

Specify a friendly name for the certificate: 


SYS! .M icrosoft.com 


Select a certificate store for the new certificate: 


Web Hosting 


Personal 


Web Hosting 


OK 


Cancel 


5. Click OK. 
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6. 

Certificate is created 




Internet Information Services (IIS) Manager 

L 

- fijx 


► SYS1 ► 


u> it * 


file J£iew Help 


Connections 

bi 

n Start Page 

-S SYS1 {hUCROSOFtWdministrator) 
i Q Application Pools 
u a Sites 


* 9 > Server Certificates 

Use this feature to request and manage certificates that the Wet) 
server can use with websites configured for SSL 

Filter. * ' 60 v Show All Group by. 


Actions 

Import- 

Create Certificate Request- 

Complete Certificate 
Request- 

Create Domain Certificate . 


Name Issued To Issued By 

SYSl.Microsoft.com sysl Microsoft com sysl Microsoft* 


Create Self-Signed 

Certificate- 


View. 


Export.. 

X Remcire 
0 Help 

Online Help 


M 

III 

1 > 1 

features View 

Content View 

Ready 





-3 


Creating a HTTPS Web Site 

1. Go to Start, select Internet Information Services Manager. 


Start 


Administrator A 




m 


w 

& 

CT: 

• 

Servet Manager 

Windows 

PowerShell 

Anrrinistrafivf Acta/e OirccTory 

look Users and. » 

Act**? 0»ccto7 
Moduletor- 

Rle Server 
Resource— 

DHCP 



m 

B# 

<3 

% 


Computer 

Tail Maniget 

Artrvr Director 
Sites and- 

Active D*ect <>7 
Domowu and— 

Internet 

Information.- 


** 

£ 

■ 

9 



Conbd 

If lief net Exptoffcr 

Active Directory 
AUfinnistiat-.e 

ADSI Edit 






F 

t 

JL 



Desktop 


Group Pokey 
Management 

DNS 
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2. In the left pane of the Internet Information Services, Expand the server Right click on sites 
and select Add Web Site. 


Internet Information Services (IIS) Manager — fll x 

@ o 

Jfl ► SYS1 ► Sites ► 



£ile Help 

Connections 

I ft. 

^ Start Page 

-* S SYS! (MICROSOfT\Administiator) 
iJ Application Pools 
•im Sites 


w 1 Sites 


filter 


Go - ^ Show All | Group by 


p Add Website. 

ta Refresh 

i - Switch to Content View 


Name ID 

9 Default Web- 1 
i Yahoo com 2 


Status 
Started (_ 
Started (_ 


Binding 
*:80 (http) 

wwwyahoo.com on 100.0.. 


Actions 

4 Add Website... 

Set Website Defaults 

© Help 
Online Help 


Ready 


l<l « 

> Features View i Content View 


*1 


3. Add Web Site wizard opens ->ln the Site name type a Name (Ex: Microsoft.com) In Physical 
path, browse and select the location of Home Directory (Webpage's Folder) 

4. Select the protocol as HTTPS 


Site name 
Microsoftcom 


Add Website 


Miaosoft.com 


Content Directory 
Physical path: 

[E:\Web Page5\Mnrosoft 

Pass-through authentication 


Connect as~ 


Test Settings 



Select.. 


Binding 


Type: IP address: 


https v 

[All Unass igned 

http 





□ Require Server Name Indication 


Port: 

443 


SSL certificate: 
Not selected 


Select. 


^ Start Website immediately 


I 


Cancel 
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5. Select the SSL Certificate (Ex:SYSl.MICROSOFT.COM). 



6. Click OK, Web Site will be successfully added. 

7. Enable Directory Browsing. (Repeat the process of Directory Browsing) 

8. Apply Default Document.(Repeat the process of Default Document) 

Accessing the HTTPS site from the Web Server 

SYSl- CONFIGURATION 

1. Open the browser and type https://certificate-name 


Ex: Https://sysl. microsoft.com 


C Internet Explorer Enhanced Security Configuration is enabled - Windows Internet Explorer 


& 


* |c https:.vsysl.nicrDsoft.com| ^ -> X f 

^Internet Explorer Emarcee Securty Configuration s ... * 0 * 


-Ifll xl 

» ’£age * Tgols * ** 

1 : 3 



Internet Explorer Enhanced Security Configuration is enabled 

Internet Explo'er Erhanced Security Configuration is currently enabled cn your server This rorfigjres 
a rumber of security settinos that define how jsers brcwse Internet and intranet Web sites. The 
configuration alsc reduces the exposure of your server to Web sites that m ght pose a security 'isk. For 
a complete list of the security settings in this configuration, see Effects c : Irterne: Explorer Enhanced 
Security Ccnfiouratior . 

This enhanced level of security car prevent Web sites from dissaving ccrrectlv in Irterne: Explorer and 
restrict access to network resources, such as files on Universal Namirg Convention [UNC) shares. If 
you wan: tc browse a Web site that requires Internet Explorer functional ty that has been disabled, ycu 
car add the web site to the inclusion ists ir the Local Intranet o- T-ustec sites zones, nor mc-e 
information, see Mo quipc Irtc re; C.vulure Eil orced Sc.u iU Curfijuratiuu . 
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2. An warning will be given, click OK to proceed 


Security Alert 


x 





You are about to view pages over a secure connection. 

Any information you exchange with this site cannot be 
viewed by anyone else on the web. 


I in the future, do not show this warning 


OK 


More Info 


3. Web site is displayed, verify for Yellow Lock beside Address bar. 


Xtusyfsvsl mitrosofu 


P • til 2 C ' Microsoft Corp .. 



State* Change ^ 






itmoors ufke 

Nil r edicts 

xn Mcvr LWrrrtoads a rnob Partner a uustomersolitiorB scanty a upcetes 

uarang aeveno etaxrt Atautnooaof 




tipewrcettw nStfmtgrt A 

0>*Jcod *ir free -♦ 



5 ways to speed 
up your computer 

Ke«p your PC running in top form » 


lews Nr* hkToaoft-Ptwrfd Orate Change Toots Umeled at Cantetncr n Caoerftacen 


Microsoft 

Download Center 


Your destination for trials 
updates. & service packs 


Free security 
downloads 

&more 



Accessing the HTTPS site from the Client Computer 

SYS2- CONFIGURATION 


1. Open the browser and type https://certificate-name 


Ex: Https://sysl. microsoft.com 


O Internet Explorer Enhanced Security Configarabon is enabled - Windows Internet Explorer 


JSJXJ 


13^ j' IT https://sysl.mia - osoft.ccm| 

'vfr & Internet ExplO’er Ennarced Security Configuration e . . . J 


w \ X Jluve Search P ' 

^1? ' Q * wtl * ; * B*9 # ” , Tcolc - M 


"D 



Internet Fxplorer Enhanced Security Configuration is enabled 

Irternet Explorer Enhanced Security Configuration is cu'rentlv enatled on vour server This configures 
a number of security settings that define hoiv users browse Interne: and intranet V'.eb sites. The 
configuration alsc reduces the exposure of your server to Web cites that might pose a security risk. Fcr 
a comple:e list of the security settings in this configuration, see Effects cf Irternet Explore- Enhanced 
Security Configuration . 

This enhanced level of security can prevent Web sites from displaying correctly in Internet Explorer ard 
restrict access to net<vorlc resources, such as files on Universal Naming Convention (UNC) shares. If 
you vsontto broAse a Web site thot requires Internet Explorer functionelity thot hos been disabled, you 
can add the We b site to the inclusion lists in the Local intranet o' Trusted sites zones. For more 
information, see Manaoiro irterret bxclcrer Enhanced security configuration . 
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2. An warning will be given, click OK to proceed 


3. 


Security Alert 

1*1 

jfiij You are about to view pages over a secure connection. 

Any information you exchange with this site cannot be 

viewed by anyone else on the web 


n In the future, do not show this warning 



OK 

More Info 







There is a problem with Website's Security Certificate (The Security Certificate presented by 
website was not issued by a Trusted Certification Authority), Click on Continue to this Web 
site (Not Recommended) 




There is a problem with this website's security certificate. 


The security certificate presented by this website was not issued by a trusted certificate authority. 

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the 
server. 


We recommend that you close this webpage and do not continue to this website. 

& Click here to close this webpage. 

V Continue to this website (not recommended).! 

- More information 


4. Web site is displayed but there is a Certificate Error 


0 


MCSE Lab Manual 


Page | 475 


www.zoomgroup.com 





ZOOM 


TECH NOLOGIE! 


5. Click on Certificate Error and Click on View Certificates 

O 



_ fll X 

microsofi.com P- 0 Certific ^ (j e.- Microsoft Corp 



I 


Untrusted Certificate 


•xi 


The security certificate presentea by this 

website was not issued by a trusted 
certificate authority 


the server. 

We recommend that you dose this webpage. 
About certificate errors 

View certificates 


1 ImtrfJ 


C»ng (3 


I'.ro This problem (night indicate an attempt to kGetowO Solutions Seant* &Utds*s liawij 4.t->=rfc aupooi!. ABautMtnnoT. 
fool you or intercept any data you send to 



Microsoft 

Download Center 

© 

four destination for trials, 

updates, & service packs 


5 ways to speed 
up your computer 

Keep your PC running in top form > 


NtWtj leu (taose't+oaerefl llirate Chance ods Ur.els: at Confrerce r Cooerhaaen 



Free security # 
downloads / « 

& more ► 1 


6. Click on Install Certificate 


** 


Certificate 


X 


General 


Details 


Certification Path 


OH Certificate Information 


This CA Root certificate is not trusted. To enable trust, 
install this certificate in the Trusted Root Certification 
Authorities store. 


Issued to: sysl.Microsoft.com 


Issued by: sysl.Microsoft.com 


Valid from 1/29/2013 to 1/28/2014 


Install Certificate... Issuer Statement 


Learn more about certificates 


OK 


7. Click Next 
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8. Select Place all certificates in the following stored Click Browse. 


© rf Certificate Import Wizard 


Certif kate Store 

Certificate stores are system areas where certificates are kept. 


Windows can automatically select a certificate store, or you can specify a location 
for the certificate. 

Automatically select the certificate store based on the type of certificate 
• Place all certificates in the following store 
certificate sure: 


Browse... 


Leorn more about certificate stores 


Next 


Cancel 


9. Select Trusted Root Certification Authority^ Click OK-> Click Next 


Select Certificate Store 


Select the certificate store you want to use. 


Personal 


c 


rusted Root Certification Authorise 


Enterprise Trust 

Intermediate Certification Authorities 
Trusted Publishers 
untrusted certificates 

Third-Party Root Certification Authorities v 


l ! Show physical stores 


OK 


Cancel 
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10. Click Finish 


x 


© .if Certificate Import Wizard 


Completing the Certificate Import Wizard 


The certificate will be imported cfter you click Finish. 


You have specified the following settings: 

Certificate Store Selected by User Trusted Root Certification Authorities 
Content certificate 



11. Click Yes-> Click OK^CIick OK. 
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12. Web site is displayed, Click on the Yellow Lock beside Address bar, to see the website security 


status 




ii i ■ 

Ld a L x 

jraCTHE 

P * til 3 C| C5 Microsoft Coro- ■ 



United States Chemje ^ 


Microsoft 


Str<n tooscft.cor 


< 


iitiX/ro OflWx Out row Curvioad: &'r*» Partner AG-&laro Suftumns 5ouuy 4 Updates &£ rents juwwt About oooft | 


BpvmsMI Sivmgw 

4^ ’ tu^ Jumi ?»c foe -• 


5 ways to speed 
up your computer 

Keep your PC running in top form ► 


Microsoft 

Download Center 

* 

Your destitution for trul* 

updates, & service pacts 


Free security 
downloads 

& more ► 



tews new Mcrosott-pjiiwM umaee Jenge rxesurvaMati^irperwnotwtttoen 
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Lab - 77: Installing and configuring iSCSI target server 


Objective: 

To provide storage to Remote Servers. 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A member server running windows server 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 

SYS1 SYS2 


Domain Controller / iscsi target server 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


Member Server / Client (iscsi initiators) 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 
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Configuring iSCSI Target Server 

SYSl- CONFIGURATION 

1. Go to Server Manager, click File and Storage Services. 


fk. Server Manager 



(4") ’ Server Manager * Dashboard 


) | Manage lools View Help 


13 Dashboard 


| Local Server 
■i All Servers 
fol ADDS 
& DNS 

Si File ana Storage Services t> 
& Hyper-V 


WELCOME TO SERVER MANAGER 


{JUkXSTAItl 

O Configure this local server 


WHATS NEW 

2 

3 

4 

Add rdes and features 

Add other servers to manage 

Create a server group 





LEARN MORE 



Hitk 


ROLES AND SERVER GROUPS 

Roles 4 | Servr r group*: 1 | Servers rank 1 


iff AD DS 1 


£ DNS 1 

0 Manageability 


© Manageability 

Events 


Events 

Services 


Services 

Performance 


Performance 

BPA results 


BPA results 


2. Click To install iSCSI Target Server, start the Add roles and Features Wizard. 


r=. Server Manager 


-lo X | 

(^*) ’ •* File and Storage Services *• iSCSI 


) I JT Manage lools View Help 


IES 

Servers 

i 

Volumes 

■i 

Daks 

V 

Storage Pools 

c\ 

Shares 

EDI 

tSCSI | 

ft 


& 


ISCSI VIRTUAL DISKS 

No data available* 


TASKS ~ 


To use iSCSI virtual disks, the iSCSI Target Server role service must be installed 
]lo install iSCSI T arge t Server, start the Add Rol es an d Featur es Wa ardl 


iSCSI TARGETS 

No VbD is tetvctrd | TASKS 

Select an iSCSI J/HD to display as associated targets 
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3. In Select server roles page, check the box iSCSI Target Server, click Next. 



4. In Select features page, click Next. 
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5. Check box Restart the destination server automatically if required, click Install. 



6. Go to Server Manager, select File and Storage Services, and select iSCSI, click To create an 
iSCSI virtual disk, start the New iSCSI Virtual Disk Wizard. 


li, Server Manager 

-!d x 

@ ’ « File and Storage Services * iSCSI 

* (2) | T Manage loots View Help 


IK 

Servers 

i 

Volumes 

■i 

Disks 

V 

Storage Pools 

O 

Shares 

EEI 

iSCSI j 

% 


ISCSI VIRTUAL DISKS 

All iSCSI virtual diiks | 0 total 


TASKS ▼ 


There are no iSCSI virtual disks. 


i To create an iSCSI virtual disk, start tire New iSCSI Virtual Disk Wizard 


Last refreshed on 5/28/2013 334:22 AM 


iSCSI TARGETS 

No VfiD is selected. 

Select an iSCSJ VHD to display its associated targets 


TASKS - 
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7. Enter Name (Ex: Vdiskl), click Next. 



8. Enter the iSCSI virtual disk size (Ex: 4 GB), click Next. 


r_ 


New iSCSI Virtual Disk Wizard 


Soecify iSCSI virtual disk size 


iSCSI Virtual D sfc Location 
iSCSI Virtual D sk reams 


iSCSI Virtual Disk Size 


ISCSI target 


Free space: 1 8.4 GB 
Size: 4 



< Previous 


ISext > 


Create 


Carcel 
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9. Select New iSCSI target, click Next. 



10. Enter the Name (Ex: Targetl), click Next. 
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11. Select Enter a value for the selected type, select IP Address in Type, enter the Value (Ex: 
10.0.0.1), click OK. 



12. To allow other computers to access the iSCSI Target Server, Select Enter a value for the 
selected type, select IP Address in Type, enter the Value (Ex: 10.0.0.1), click OK. 

fst ij Add initiator ID ~ ° L x 

Select a method to identify the initiator: 

O Query initiator computer for ID (not supported on 
Windows Server 2008 R2. Windows 7, or earlier): 

Browse... 

Select from the initiator cache on the target server 


• Enter a value for the selected type 
Type: Value: 


IP Address 


1 0.0.0.2 

Browse... 



0 
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13. Only the specified servers can access the iSCSI Target Server, click Next. 



14. In Enable Authentication page, click Next. 

~ New iSCSI Virtual Disk Wizard “ ! 0 t x 

Enable Authentication 

Optionally, enable the CHAP protocol to authenticate initiatoi connections, or enable 
reverse CHAP to allow the initiator to authenticate the iSCSI target 

□ Enable CHAP: 

User name 

Password: 


Enable authentication scr. 


Confirmation Confirm password: 

□ Enable revet se CHAP: 

User name 

Password: 

Confirm password: 

Learn more about CHAP and reverse CHAP 


iSCSI Virtual D sk location 
iSCSI Virtual P sk Name 
iSCSI Virtual D sk Size 
iSCSI target 

Target \ame and Access 
Access Servers 


< Previous 


Next :> ■ 


Create 


Cancel 
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15. Click Create. 


r~ New iSCSI Virtual Disk Wizard 


Confirm selections 


- 1° x 


iSCSI virtual Disk Location 
iSCSI Virtjal D sk Name 
iSCSI Virtual D:sk Size 
iSCSI Target 

Target same and Access 
Access servers 
Enable authentication ser. 


Confirmation 


Confrm tnat the following are the correct settings, and then cl cc C r ea:e. 


ISCSI VIRTUAL DISK LOCATION 


A 

Server: 

SYS1 



Cluster role: 

Not Clustered 



Path: 

E:\iSCSiViitualDisks\Vdisk1.vhd 



ISCSI VIRTUAL DISK PROPERTIES 



Name: 

Vdiskl 



Size: 

4.00 GB 


= 

TARGET PROPERTIES 



Name: 

targetl 



Description: 

Sysl 



ACCESS SERVERS 




IP Address: 

10.0.0.1 



IP Address: 

10.0.0.2 



SECURITY 




CHAP: 

Disabled 


V 


< Previous 

ISert > 


Create 

Cancel 


16. Verify the message Completed, click Close. 
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17. iSCSI Virtual Disk Vdiskl.vhd has been created. 


1L 

Server Manager 


- □ X | 


” File and Storage Services * iSCSI 


) 1 jT Manage Iools Xievii Help 


is 

Servers 

i 

Volumes 

ii 

Disks 

V 

Storage Pools 

Ck 

Shares 

on 

iSCSI 1 

Fta 


iSCSI VIRTUAL DISKS 

All 6CS I virtual ditkt 1 1 total | TASKS 

Filter 
Par 

^ SYSi (1) 



P (5) ▼ (g) *■ 

f -rasa r;< sees -rergausn* ■ t*9« ssne - •- • j-. c s 



iSCSI TARGETS 


t \i5CSIV'rtu*ltJwk»\Vd»kl vhd on SYSI 



TASKS ~ 


filter P 

* 

® - 

V 

: V | 


18. Similarly create multiple iSCSI Virtual Disk that can be accessed from SYS2. 
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Configuring iSCSI Initiator 

SYS2- CONFIGURATION 

1. Go to Start, type iSCSI in Search Apps, select iSCSI Initiator. 



Search 


AppS Results for 'iscsi " 

Apps 




■azi 

iSCSI Initiator 

nnp ^ 

t 


HD Settings 

2 


|g|| Ties 

0 


Internet Frptorer 






2. Click Yes to Microsoft iSCSI service. 

Microsoft iSCSI 


The Microsoft iSCSI service is not running The service is required to be 
started for iSCSI to function correctly To start the service now and have 
toe service star automatically each time the computer restarts, dick the 
Yes button 



3. Enter the IP Address of Target Server (Ex: 10.0.0.1), click Quick Connect. 
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4. Verify for the message Connected, Login Succeeded, click Done. 



5. Go to Server Manager File and Storage Services Disks. 



Server Manager 



* " File and Storage Services ► Volumes " Disks 

* (3) | Manage loots View Help 


IQ 


■l 


§i> 

£ 


Servers 

DISKS 

All diika 1 1 total 






TASKS » 

Volumes 

Fitter 


p • 

5> * ® 

- 


•V) 

t . . i 

Storage Pools 

Number Virtual Di*k 

Status 

Capocty 

Oral located 

Partition RcadOny 

Clustered 

Subtyttrm Buts Type ! 

Shares 

' sys 2(2) 







iSCSI 

0 

Online 

149 CB 

33.1 C-B 

MB* 


ATA < 


1 

OWinr 

4.00 GB 

3.97 GB 

GP1 ✓ 


iSCSI 1 


< | " M 


> 

Last refreshed on S/28/2013 3:57:27 AM 

VOLUMES 

STORAGE POOL 


It *t«rJ • - IMS U tola | TASKS ▼ | 

MSFT Virtual HO SCSI Ctofc Device on cys2 

| TASKS ▼ 


Disk is Offline 


No related storage pool exists. 
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6. Right click on offline disk iSCSI, select Bring Online. 



IB 

i 

Servers 

Volumes 

b 

I Disks I 

ED 

Storage Pools 

a 

Shares 

to 

iSCSI 

ail 




DISKS 


VOLUMES 

Related Volumes 1 0 total 


TASKS 


Disk is Offline 


STORAGE POOL 

MSP” Virtual HD SCS Cck De»xc on iys2 


j TASKS 


No rotated storage pool exists. 


7. Click Yes 


Bring Disk Online 




If this disk is already online on another server, bringing the disk 
online on this server can cause data loss. Are you sure you want to 
bring this disk online on this server? 


Yes No 


8. Select Storage Pools, and Verify for Physical Diskl 



Server Manager 

L= 0 * 

(<■) ' “ Volumes * Storage Pools 


• (3) | X loots View Help 


■B Scrran 

I Vokvnn 

li Data 


Storage Pooh 


ft '-srei 

» iSCSI 

J 


■ STORAGE POOLS 

AM no— y pa eh 1 1 mM 

fillet 

% '.*rr* Ty 

a Storage Spaces <1) 


P I » « * 


Managed by 


3aad Wide Server 


AvwlaHr Ditto eyv? 


Jta lefteshed on y?0/?OI3 35*41 AM 


VIRTUAL DISKS 

PHYSICAL DISKS 



b Mbb • Mb k •••. *•»- 

ftnwlal on 


- 

No related virtual daJa ejtsl 

PVHr 

p 

(i) v v 

To create a virtual disk, start the Ne* Virtual Disc 

A. 9ct 


Statu* Cat act, 

Wizard. 

bnvdOEvll (-vyO) 


40OGI | 
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Lab - 78: Creating Storage Pool and Simple Volume 


Objective: 

To combine multiple hard disks into a single pool. 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 

SYS1 SYS2 


Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


Member Server / Client 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 
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SYS1- CONFIGURATION 

1. Create multiple iSCSI Virtual Disk (Ex: Vdiskl, Vdisk2,Vdisk3...) 

SYS2- CONFIGURATION 

1. Go to Server Manager File and Storage Services Storage Pools-> select New Storage Pool. 



IU 

Servers 

i 

Volumes 

ii 

Disks 

eh 

I Storage Pooh, 1 

a 

Shares 

i» 

iSCSI 


cal 


S STORAGE POOLS 

All tbnqe pooh 1 1 total 

P ® ▼ M ▼ 


TASKS ~ 


.1 Name Type Mar aged by Available to Read - Write $«<Yer 



Stotage Spaces (1) 


iyx? 


vtO 


> 


( 


Last refreshed on 5/28/2013 4*16:38 AM 


VIRTUAL DISKS 

No related data c available. | TASKS ^ 


No related virtual disks exist 

To create a virtual disk, start tfie New Virtual Disk 
Wizard 


PHYSICAL DISKS 

1 TASKS ^ 






fitter 

p 


1 v' 1 

d. Slot Name 


Status 

Capacity 

PhysicaiDiskJ (sys2) 



4 x ce 

Ph/*icaCi*le2 (*y*2) 



400 Gfi 

PhyliialDilkl (vy i2) 



4.C0G8 


2. In Before you begin page, click Next. 
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3. Enter Name (Ex: Pooll), click Next. 



4. Check the boxes to select the physical disk for storage pool, click Next. 


li. New Storage Pool Wizard ' — ° IHI 

Select physical disks for the storage pool 


svn <ev 

Stcyaje *001 Nam* 


rtr^jl DrJkj 




Select physical disks for the storage pool, and choose whether any disks should be allocated as hot 
spares that replace faded disks 

Physical disks: 



Total selected capacity 8.00 GB 
^Selecting these disks will create a local pool 


i • h«i > 




MCSE Lab Manual 


Page | 495 


www.zoomgroup.com 







5. Click Create. 



6. Click Close. 
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7. In Storage Pools, select Pooll, and click To create a virtual disk, start the New Virtual Disk 
Wizard. 




Server Manager 

- ! “ *1 


« Volumes * Storage Pools 


- ( 3 ) | JT Manage loots View Belp 


ft 

ixi 


STORAGE POOLS 


No related virtual disks exist. 


To cede a virtual disk stmt the Hex \ /inual Disk I 

'wizard. 


niter 

4, Slot Name 


TASKS 


Physio ID isle2 (sys2) 


Ph/s>calDisk1 (cys2) 


Volumes 





Fitter 

P ® » ® * 


V 

Daks 





| Stofdqe Pools ilH 

a 

.1 Name 

Type Mar aged try 

Available to 

Read Write Server 

Slam 

* Storage Spaces C2) 




iSCSI 

Prvnora»al 

Available Oaks »y»2 

sys2 



Poo n 

Slut age Pool syv2 

sys2 

sys2 




<i 

■ 


>l 


1 Last refresned on 5/28/2013 4-20.QO AM 

VIRTUAL DISKS 


PHYSICAL DISKS 


No related data k avaiafcte. 

1 TASKS » 

Poolt onsys2 

TASKS - 


p < g ) * ® 

Status C opacity 


8. In Before you begin page, click Next. 
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9. Select the storage pool (Ex:Pooll) ; click Next. 



10. Enter Name (Ex: Simple Disk), click Next. 
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11. Select the Layout Simple, click Next. 



12. Select Thin or Fixed, click Next. 


rL New Virtual Disk Wizard 


Specify the provisioning type 


Before You Begin 
Storage Pool 
Virtual Disk Nar,e 
Storage Layout 


Provisioning 


Size 


Provisioning type: 

® Ihin 

The volume uses space from the storage pool as needed, up to the volume 
size. 

O E*ed 

The volume uses space from the storage pool egual to the volume size. 


< Previous 

Next > 


Create 

Cancel 
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13. Enter the size of the virtual disk, click Next. 



14. Click Create. 


iL New Virtual Disk Wizard 


Confirm selections 


Before You Begin 
Storage Pool 
Virtual Disk Katie 
Storage Layout 
Provisioning 
Size 


Confirmation 


Confirm that the following are tne correct settings, and then click Create. 


VIRTUAL DISK LOCATION 

Server: 

sys2 

Subsystem: 

Storage Spaces 

Storage pool name: 

Pooll 

Status: 

OK 

Free space: 

6.00 GB 

VIRTUAL DISK PROPERTIES 

Name: 

Simple Disk 

Storage layout: 

Simple 

Provisioning type: 

Thin 

Requested size: 

5.00 GB 


< Previous 

Next > 


Create 

Cancel 



MCSE Lab Manual 


Page | 500 


www.zoomgroup.com 






15. Click Close, verify the check box Create a volume when wizard closes. 



16. In Before you begin page, click Next. 


rL 


Before you begin 


New Volume Wizard 



Before You Begin 


Server and Disc 


This wizard helps you create a volume, assign it a drive letter or folder, and 
then format it with a file system. 

You can create a volume on a physical disk or a virtual disk. A virtual disk is a 
collection of one or more physical disks from a previously created storage pool. 
The layout of data across the physical disks can increase the reliability and 
performance of the volume. 

To continue, click Next. 


□ Don't show this page again 


< Previous 

Next > 


Create 

Cancel 
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17. Select the disk (Simple Disk), click Next. 



18. Enter the size of the volume, click Next. 
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19. Select the Drive letter, click Next. 



20. Select the File system, click Next. 


rL New Volume Wizard 


Select file system settings 


Before You Begin 

Eile system: 

NTFS 

0 

Server and Disc 




Size 

Allocation unit size: 

Default 

0 

Dn/e Lerer or Folde r 

Volume label: 

■ 

New Volume 



File System Settings 


Confirm atior n Generate short file names (not recommended) 

Short file names (8 characters with 3-character extensions) are requirec for 
some 16 -bit applications running on client computers, but make file 
operations slower. 


< Previous 

Next > 


Create 

Cancel 
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21. Click Create. 



22. Click Close. 
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Verification : 


1. Go to Start, select Computer Icon and verify for the Simple volume. 




Computer 


| Lorro uter 

vim 


- A 

t m - 

Computer ► 


1 rz 

v c 1 Search Computer P 

'k Favorites 

•* Hatd Disk Drives (7) 



■ Desktop 

— Local Disk (CO 

Simple Volume (H:) 


1b Downloads 

, Recent places 

"tjej HH 1 | 


77.6 GB free of 90.4 GB 4.90 GB free of 4 96 GB 


jm Libraries 

2 Documents 

■* Devices with Removable Storage (1) 

A 4 




Ji Music DVD RW Drive (D:) 

k! Pictures 
8 Videos 


*■ Computer 
Ua Local Otstc (C:] 
cm Data (E:) 
cm Backup (F:) 
cm Local Disk (G:) 
cm Simple Volume 
u Mirror Volume C 

cm Parity Volume (J 
*9* Network 


S llerm 


SB k 
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Lab - 79: Creating Mirror Volume (RAID-1) 


Objective: 

To configure mirror disk for fault tolerance. 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 


SYS1 


MICROSOFT.COM 

SYS2 



Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


Member Server / Client 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 
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SYS1- CONFIGURATION 

1. Create multiple iSCSI Virtual Disk (Ex: Vdisk4, Vdisk5, Vdisk6...) 

SYS2- CONFIGURATION 

1. Go to Server Manager File and Storage Services -^StoragePools-^ right click Primordial 
storage pool -^select NewStoragePool. 



Server Manager 

*1 

(4*) ” ” Volumes * Storage Pools 


* (3) | Manage Tools View Help 


■i 

□ 

Bj 

in 

Jl 


Servers 

Volumes 

Daks 


Storage Pools 


Shares 

iSCSI 


STORAGE POOLS 

All storage pools { 2 total 


TASKS " 


filter 

p 

* u ' 

r 



4> Name 

•a Storage Spaces (2) 

Tyoe 

Mar aged Dy 

Available to 

Read Write Server 


PrtTioriW 

Available Oaks 

*yU 

>y>2 

vfi2 


Pool! 

Storage fool 

sys2 

Nevr Storage Pool.,. 

era 





New Virtual Disk.. 






Add Physical Disk-. 
l>elete Storage Pool 



< r 


M 

Properties 

ii 

i . . .. i ' 



Last refreshed on 5/28/2013 4:36:14 AM 


VIRTUAL DISKS 

No rrlotfd data b ewieLtbir I TASKS w 

No related virtual disks exist. 

To create a virtual disk, start the New Virtual Disk 
Wizard. 


PHYSICAL DISKS 


onsfs! TASKS ■> 


Hirer 

p 

<5) » 

• v) 

di Slot Name 


Status 

Capacity 

PhysicalOtstf (sys?) 



VOOGB 

Phys cs CukB (iys2) 



600C6 

PhyS C3'Ds<9 (sys2) 



6CCGB 

Phy*iealCisie7 (tys2) 



600G8 

PhyiicalDiskS (sys2) 



5 CO C*B 

Ph/yc»tD«k3 C*ys2) 



4.00 GB 


2. Enter Name (Ex: Pool2), click Next. 



3. Check the boxes and select the physical disks for the Storage pool, click Next. 
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r_ 


New Storage Pool Wizard 


1 - 1 ° * 


Select physical disks fo r the storage pool 


3efcrs *Cu B®gin 
S:0^g€ POC* N5T€ 


Physical Osks 


ConVmston 


Select physical disks for the storage pool, and choose whether any disks should be allocated as hot 
spares that replace failed disks 


Physical disks: 

M Slot Name 

B 


Capacity Bus RPM Model 


PhysiralDis ... 500 CM iSCSI 


Q 


I’hysicalDrs... 5.00 GB iSCSI 


PhysicalDis... 5.00 GB iSCSI 


Virtual I ID 


Virtual HD 


Virtual HD 


Allocation 

Automatic 


Chassis 



Total selected capacity: 1 5.0 GB 
® Selecting these disks will create a local pool 


< Previous 


Next > 


Create 


Cancei 


4. Click Create. 
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5. Click Close. 



6. In Server Manager, Storage Pools, select Pool2, and click To create a virtual disk , start the 
New Virtual Disk Wizard. 



STORAGE POOLS 


in 

i 

li 

Servers 

Volumes 

Disks 

AJl storage oh 1 2 total 



[ tasks 7 ! 

Fitter 

p 

(g) ▼ ® ▼ 


V 

EE 

| Starve Pools 1 IH 

A. \a*n€ 

Type 

Managed by 

Available to 

Read Wnte Server 

a 

Shares 

* Storage Spaces (2) 




i*> 

iSCSI 

Pooll 

Storage Pool 

*y %2 

«y*2 


oil 


Pool2 

Storage Pool 

S ys2 

ry»2 

sys2 


Last refreshed on S/28/2013 4:40:33 AM 


VIRTUAL DISKS PHYSICAL DISKS 


toliM 3b>c. | TASKS ^ 

PooC on sys2 


1 TASKS ~ 

No related virtual disks exist. 

rdter 

p 

• V 

To create a virtual disk^ start the New Virtual Disk i 

A. Slot Name 


Stalus Capacity 

^Vizard, 

Hill PhysicalDisid (sys2) 


423 GB 


Physics ID i*lc6 (sys2) 


425 GB 


Phjftka lD«kS (tys2) 


4 25 GB 
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ZOOM 


TECH N OLOG IE! 


7. In Before you begin page, click Next. 


f 


New Virtual Disk Wizard 


Le_L 


Before you begin 


Before You Begin 


Storage Pool 


This wizard helps you create a virtual disk from a storage pool. 

A virtual disk is a collection of one or more physical disks from a previously 
created storage pool. The layout of data across the physical disks can increase 
the reliability and performance of the virtual disk. 

To continue, click Next. 


□ Don't show this page again 


< Previous Next > 


Create 


Cancel 


8. Select the storage pool (Ex: Pool2), click Next. 
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9. Enter Name (Ex: Mirror), click Next. 



10. In Layout, select Mirror, click Next. 


rL 


New Virtual Disk Wizard 


Select the storage layout 

Before You Begin 

Layout: 

Storage Pool 


Simple 

Virtual Disk Name 


Mirror 

Storage Layout 


Parity 

Provisioning 




Description: 

Data is duplicated on two or three physical disks, 
increasing reliability, but reducing capacity. This 
storage layout requires at least two disks to 
protea you from a single disk failure, or at least 
five disks to protect you from two simultaneous 
disk failures. 


< Previous 

Next > 


Create 

Cancel 
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11. Select Thin or Fixed, click Next. 



12. Enter the size of the virtual disk, click Next. 
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13. Click Create. 



14. Click Close. 
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ZOOM 


TECH NOLOGIE! 


15. In Before you begin page, click Next. 



16. Select the Disk (Ex: Mirror), click Next. 
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ZOOM 


TECH NOLOGIE! 


17. Enter the size of the volume, click Next. 



18. Select the Drive letter, click Next. 
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19. Select the File system, click Next. 



20. Click Create, click Close. 


(L Mew Volume Wizard 


Completion 


v ou nave successfully completed the New Volume Wizard. 


Task Progress 

Status 












< Previous 

Next > 


Close 

Cancel 
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Verification 



1. Go to Start, select Computer Icon and verify for the Mirror volume. 


■» Q J-' 

Computer 


1 

| comouier view 


v a 

f il > Computer ► 


i r i 

v c 1 Search Computer P 



k Favorites 
■ Desktop 
in Downloads 
- Recent places 


Hard Disk Drives (7) 
— Local Disk (CO 


77.6 GB free of 90.4 6B 


Simple Volume (H:) 


4 90 GB free of 4 96 GB 


Mirror Volume (t) 




II 7GB free of I19G8 


j 4 Libraries 
"• Documents 
• Music 
to. Pictures 
S Videos 


■* Devices with Removable Storage (1) 




DVD RW Drive !D:) 


*■ Computer 
& Local Disk (C:] 
ca Data (E:) 

Backup (F:) 

Local Disk (G:) 
l. Simple Volume 
u Mirror Volume ( 
j Parity Volume (J 


* 9 * Network 


S llerm 


SB Im 
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Lab - 80: Creating Parity (RAID-5) 


Objective: 

To configure RAID-5 volume for fault tolerance. 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server or Domain Controller. 

• A member server running windows sever 2012 or client running windows 7. 

Topology: 



MICROSOFT.COM 

SYS1 SYS2 


Domain Controller / Terminal Server 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


Member Server / Client 

IP Address 10.0.0.2 
Subnet Mask 255.0.0.0 
Preferred DNS 10.0.0.1 


MCSE Lab Manual 


Page | 518 


www.zoomgroup.com 


0 



ZOOM 


.TECHNOLOGIES. 


SYS1- CONFIGURATION 

1. Create multiple iSCSI Virtual Disk (Ex: Vdisk7, Vdisk8, Vdisk9...) 

SYS2- CONFIGURATION 

1. Go to Server Manager File and Storage Services -^Storage Pools-^right click Primordial 
storage pool -^select New Storage Pool 




Server Manager 

*1 


" " Volumes * Storage Pools 


* (§) 1 1 ^ Manage loots 5£>ew yelp 


a 


Servers 

Volumes 

Disks 


Storage Pools 


Shares 

iSCSI 


STORAGE POOLS 


No related virtual disks exist. 

To create a virtual disk, start the New Virtual Disk 
Wizard 


filter 

4 . Slot None 


TASKS - 


fiber 

p 



V 

1 Nwne 

• Storage Spaces (3) 

PdoH 

Pool2 

Type 

Storage Pool 

Stotaq* Pool 

Managed by 

*y^ 

iyi2 

Available to 

‘W 

iyi2 

Read-Wnle Server 

ty%2 

iyi2 

Primordltf 

Avntoblr Drirc 

T 3 


— > 






New Storage Pool- 






New Virtual Disk- 


< f” 


IK 


Add Physical Disk- 


Last refreshed on 5/28/2013 448-44 AM 


Delete Storage Pool 






Properties 


VIRTUAL DISKS 




PHYSICAL DISKS 


ho related data e available. 


| TASKS ▼ 

| Primordial on sys2 

TASKS ~ 


P (W 


Phy&icalDisklO fsy&2) 


Ph/5'C8iD'5k9 (sys?) 
PhytictlDiskfi (sys2) 


Status Capacity 

600 ce 

600 GB 


2. In Before you begin page, click Next. 


T^x 


r- 


Ncw Storage Pool Wizard 


Before you begin 


Before Ytau Begin 


storage Pool Nsrrc 


This wizard helps you group physical dislcs into a storage pool enabling you to make more efficient 
use of disk capacity. After creating a storage pool, you can use space in the pool to create volumes 
on virtual disks which appear as normal disks to the operating system 

To create a stoiage pool, you must have at least one unused physical disk and a storage subsystem 
that can manage it, such as the included Storage Spaces subsystem or the subsystem included with a 
storage device. 

To continue, dick Next. 

Learn more about storage pools 


1— Don't show this page again 


| Nc*t > Creole 


Conce 1 
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3. Enter Name (Ex: Pool3), click Next. 


I I — 


Specify a storage pool name and subsystem 

tou Begin 


storage Pool Na 




Name: Pool 3 

Description: Parity 


rL 


New Storage Pool Wizard 


Select the group of available disks (also known as a primordial pool) that you want to use: 


Managed by 

Available to 

Subsystem 

Pfimoidial Pool 

| sys2 

sys2 

Storage Spaces 

Primordial 



4. Check the boxes, to select the physical disks for the storage pool, click Next. 
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5. Click Create. 



6. Click Close. 
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7. 


In Server Manager, Storage Pools, select Pool3, and click To create a virtual disk ; start the 
New Virtual Disk Wizard. 




Server Manager 

- ; U X | 


" ** Volumes * Storage Pools 


- (3) | JT Manage lools View Belp 



Servers 

Volumes 

Disks 


Stuvaqe Pools 


Shares 

iSCSI 


STORAGE POOLS 


No related eutual disks exist. 


To cede a virtual disk stmt the Me* I /iniral Disk i 

Wizard. 


TASKS ▼ 


PhysicalDtsklO (sys2) 


Ph/s»calDi*k 9 (sy« 2 ) 
Phys*alC*fc8 (syt2) 


fitter 

P 



V 

4. \ame 

Type 

Managco by 

Available to 

Read Write Server 

- Storage Spaces (3) 





Pood 

Storage Pool 

*r* 

*y%2 


Poot2 

Storage Pool 

*ysi 


sys2 

PooG 

Storage Pool 

sys? 


xys? 


<i 


Ill 


>1 

Last refreshed on 5/28/2013 4:49:47 AM 

VIRTUAL DISKS 



PHYSICAL DISKS 


ho related data is a. » table. 


1 TASKS * 

PooG on sys2 

| TASKS - 



S25G8 
5 25 GB 


8. In Before you begin page, click Next. 
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ZOOM 


TECH NOLOGIE! 


9. Select storage pool (Ex: Pool3), click Next. 


-Ie|> New Virtual Disk Wizard I ~ n WBM 


Select the storage pool 

Before You Begin 


Storage Pool 


Virtual D:sk Na^e 


10. Enter Name (Ex: Parity Disk), click Next. 



Storage pool: 


Pool Name 

Managed by 

Available to 

Capacity 

Free Space 

Sut 

Pooll 

sys2 

sys2 

6.50 GB 

4.00 GB 

Sto 

Pool2 

sys2 

sys2 

12.8 GB 

10.0 GB 

Sto 

Pool3 

sys2 

sys2 

15.8 GB 

15.0 GB 

Sto 


IE 


< Previous 


Next > 


Create 


Cancel 
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11. In Layout, select Parity, click Next. 



12. Select Thin or Fixed, click Next. 


iL New Virtual Disk Wizard 


Specify the provisioning type 


Before You Begin 
Storage Pool 
Virtual Disk Nar.s 
Storage layout 


Provisioning 


Size 


Provisioning type: 

!• Thin 

The volume uses space from the storage pool as needed, up to the volume 
O fixed 

The volume uses space from the storage pool egual to the volume size. 


< Previous 

Next > 


Create 

Cancel 
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13. Enter the size of the virtual disk, click Next. 



14. Click Create. 


iL New Virtual Disk Wizard 


Confirm selections 


Before You Begin 
Storage Pool 
Virtual Disk Katie 
Storage Layout 
Provisioning 
Size 


Confirmation 


Confirm that the following are tne correct settings, and then click Create. 


VIRTUAL DISK LOCATION 

Server: 

sys2 

Subsystem: 

Storage Spaces 

Storage pool name: 

Pool3 

Status: 

OK 

Free space: 

15.0 GB 

VIRTUAL DISK PROPERTIES 

Name: 

Parity Disk 

Description: 

Parity Disk 

Storage layout: 

Parity 

Provisioning type: 

Thin 

Requested size: 

15.0 GB 


< Previous 

Next > 


Create 

Cancel 
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15. Click Close, verify for the check box Create a volume when this wizard closes. 



16. In Before you begin page, click Next. 


rL 


Before you begin 


New Volume Wizard 



Before You Begin 


Server and Disc 


This wizard helps you create a volume, assign it a drive letter or folder, and 
then format it with a file system. 

You can create a volume on a physical disk or a virtual disk. A virtual disk is a 
collection of one or more physical disks from a previously created storage pool. 
The layout of data across the physical disks can increase the reliability and 
performance of the volume. 

To continue, click Next. 


□ Don't show this page again 


< Previous 


Next > 


Create 


Cancel 
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ZOOM 

TECH N OLOG IE! 

- 


17. Select the Disk (Ex: Parity Disk), click Next. 



18. Enter the size of the volume, click Next. 
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19. Select the Drive letter, click Next. 



20. Select the file system, click Next. 
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ZOOM 


TECH NOLOGIE! 


21. Click Create. 



22. Verify for the Volumes (Simple, Mirror, Parity). 


fk 

Server Manager 

^lojx | 

©a* 

** File and Storage Services * Volumes * Disks 

* (§) 1 F Manage loots View Help 


■ 

■■ 


a 

is> 

a! 


Servers 

AH deb 1 4 total 






TASKS » 

Volumes 









Filter 



p 

?■' - ® 



V 

| Diski 









Storage Pools 

Number 

Virtual Disk 

Status 

Capacity 

Unolocated 

Parte o« Readonly CArstered 

Subsystem 

Bus Type * 

Shares 

d sys2(4) 







iSCSI 

0 


Online 

149 GB 

33.1 GB 

M8R 


ATA S 


4. 

S mple O'Sk 

Online 

SCO GB 

OCOB 

GPT 

5t<yage Sp. 

Storage $-* 1 


7 

Mirror 

Online 

120 GB 

OCOB 

GPT 

Storage Sp.. 

Storage S~. I 


11 

Parity Dri’ 

Online 

150 GB 

OCOB 

GPT 

Storage Sp... 

Storage P 











< 1 




a 



> 


| Last refreshed on 5/28/2013 4:57:45 AM 


VOLUMES 

Kvi^UccJ Vusin*. ■ 1 tvU 1 [ TASD ▼ 


Filler 

p 


V 





A. Volume 

Status Provisioning 

Capacity 

Free Spa 

a *yr2 (1) 

J: 

Thin 

150GB 

14.9 GB 






<1 ■ [ > 


STORAGE POOL 

DttStMag*S|»U0air«anCys2 | TASKS ▼ 

Pocl3 

Capacity 158 GB 

27% Used ■ 4.25 GB Used Space 

iiM 11.5 GB free Space 

Subsystem: Storage Spaces 
Servers: sys2 

Volumes: J: 
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Verification: 


1. Go to Start, select Computer Icon and verify for the Parity volume. 


^>3* i 

Computer 



1 

| Corrovter View 



V • 

t '** <■ Computer ► 

1 


» o] 

Search Computer P 



*r Favorites 
■ Desktop 
h Downloads 
. . Recent places 

'j 4 Libraries 
2 Documents 
J* Music 
to Pictures 
S Videos 


Hard Disk Drives (7) 
Local Disk (CO 


77.6 GB free of 90.4 GB 

Parity Volume (J:) 


14.8 GB free of 14.9 GB 


Simple Volume (MO 


490GB free of 496GB 


* Devices with Removable Storage (1) 
gj DVD RW Drive (D:) 


Computer 
& Local Disk (CO 
j Daw (EO 
u Backup (F:) 

Local Disk (G:> 
j Simple Volume 
u Mirror Volume ( 
Parity Volume (J 


Mirror Volume (fc) 

II 7GB free of 119GB 


Network 
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Lab -81: Failover Cluster 


Objective: 

To Configuring High Availability of Services using Failover Clustering 

Pre-requisites: 

Before working on this lab, you must have 

• Three computers running Windows Server 2012 OS 

• One Domain Controller and two Member Servers 



MICROSOFT.COM 


SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


SYS2/SYS3 
Member Servers 

IP Address 
Subnet Mask 
Preferred DNS 


10.0. 0.2/10.0.0.3 

255.0. 0.0 

10.0. 0.1 
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Assigning ISCSI Disks to Hosts 

1. In SYS1, install ISCSI Target Server and configure three ISCSI Disks to SYS2 and SYS3 with each 
size 10 GB 



2. In SYS2->click Start->go to ISCSI initiator->connect to Target Server using IP 10.0.0. l->open 
Disk Management and verify three disks connected. 






Disk Management 


- “I'l 

File Action View Help 

♦>■*1 snl B SB 0 X 

C & 04 ■y 







Volume | Layout 

1 Type | 

File System | 

Status 

Capacity 

| Free S_ 

I % Free 


“ (C) Simple 

Basic 

NTFS 

Healthy .. 

38.72 GB 

27.27 .. 

70% 


• “System Reserv- Simple 

Basic 

NTFS 

Healthy ... 

350 MB 

109 MB 

31 % 



L -“ Disk 0 

Basic 
74.53 GB 

Online 


Disk 1 

Unknown 
10.00 GB 
Not Initialized 


Disk 2 


Unknown 

10.00 GB 

Not initialized 

1000 GB 

Unallocated 

^ Disk 3 


Unknown 

10.00 GB 

Not Initialized 

10 00 GB 

Unallocated 


(C:) 

38 72 GB NTFS 35.47 GB 

Healthy (Boot, Page Fite, Crash Dump Primary Par Unallocated 


1000 GB 
Unallocated 


System Reserved 

| 350 MB NTFS 

!j Healthy (System. Active, Pr 


I Unallocated B Primary partition 
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Installing Failover Clustering 

1. In SYS2^open Server Manager->add Roles and Features^in Features->check the box 
FailoverClustering->click next->next->click Install 


t- 


Select features 


Add Roles and Features Wizard 


bd 


3E5TIN*T©N S£WDt 
5V52 r c?o*l ton 


Brfcre tOu BeQln 
IrraL'aoor 
server seection 

Serv*i' Bot; 

COr , Vm?tlO f ' 


Selrd or* or mar* featu'n to ir trail an the selected server 


Features 


P Cl NET Fr jmettO'k 3.5 Featuiet 
P |a WET FramevtorV 4.5 features (Installed) 

i C Background Intelligent Transfer Service !BITS] 

[~1 6 tLoccer Drrve Encrypt on 

□ B tLocfcer Network Unlock 
D BranchCache 

□ Client for NFS 

C. Data Center Bridging 
Cl Enhanced Storage 

a TTini mg 

C] Group Policy Management 

| j nk end Handwriting Serve e* 

r ' Internet Printing Clwnt 
H lP Addrrtt Management (IPAM) Server 
1 iSNS Server «erv«ce 
I ! tPR Port Monitor 
Cl Management C Data IlS Extension 
I 1 Media Foundation 

Cl Message Queuing 

D Multipath I/O 

C Mrtworir Load Balancing 

C Pw Name Revolution Protocol 

Cl Quality Windows Audio Video Expenence 

f~i RAS Connection Manager Administration Krt (CMAJCj 

Cl Remote Assistance 




Description 

s 3ilcvfif Clustering a ows multiple servers to erode 
together to provide high avaiab lity of server rotes 
Farlcver Clusirmg n often uved for file Services, 

virtual machines data case applications, and mar' 

applications. 


| < Prevous | j»e«t > [ Jn**a! ' Cancel | 


2. Repeat the same steps in SYS3 also 
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Create Necessary Volumes for Failover Cluster 

1. In SYS2->open Disk Managements right click DisklS Initialize 


a- 



Disk Management 


File Action View Help 

* * S3 □ “ [?) CS' SB 

Volume Layout 

Type 

Filesystem 

Status | Capacity 

Free S._ 

% 

c -* (C) Simple 

Basic 

NTFS 

Healthy .. 38.72 GB 

27.27 .. 

70 

-•System Reserv.. Simple 

Basic 

NTFS 

Healthy .. 350 MB 

109 MB 

31 


DiskO 



Basic 

System Reserved 

<C:) 

74.53 GB 

350 MB NTFS 

38.72 GB NTFS 

Online 

Healthy (System, Active, Pr Healthy (Boot, Page File, Crash Dump. Prim; 




Disk 1 



Unknown 



1000GB 

10.00 GB 


Not Initialized 

• * - . ii 


Initialize Disk 



Offline 





^ Disk 2 

Properties 


Unknown 

Help 


10.00 GB 

10.00 GB 


Not Initialized 

Unallocated 





Disk 3 



Unknown 



10.00 GB 

10.00 GB 


Not Initialized 

Unallocated 



2. Select all three disksSselect GPTSclick Ok 
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3. Right click DISKlunallocated space->create New Simple Volume->repeat same steps for disk2 
and disk3 





Disk Management 


L=— * 1 

File Action View Help 

*«♦ *| ti t:| 12 «f SA 

Volume | Layout 

1 Type 

File System 

Status Capacity 

| Free S-. 

% Free 


(C:) Simple 

Basic 

NTFS 

Healthy - 38.72 GB 

27.27 - 

70% 


^ 'System Reserv Simple 

Basic 

NTFS 

Healthy .. 350 MB 

109 MB 

31 % 



“ Disk 0 



Basic 

74-53 GB 

Online 

System Reserved 

350 MB NTFS 

Healthy (System, Active. Pr 

(C:> 

38 72 GB NTFS 

Healthy (Boot Page File, Crash Dump, Primary Par 

35.47 GB 

Unallocated 

u Disk 1 







Basic 

9.97 GB 

9.97 GB 






Online 

New Spanned Volume.. 






New Striped Volume... 







New Mirrored Volume... 




a Disk 2 

New RAID 5 Volume.- 




Basic 

9.97 GB 

Online 

Convert to Dynamic Disk .. 

Convert to MBR Disk 





Offline 






Properties 





Disk 3 

Help 



Basic 

9.97 GB 

Online 

9 97 GB 

Unallocated 







I Unallocated I Primary partition 


4. Verify three Disks are Online 

3 Disk Management — 1 a t x 

Eile Action View delp 

«■ *1 eti Urn (D^sl 


Volume 

Layout 

Type 

FileSystem 

Status 

Capacity 

Free S. 

% Tree 

>-»(« 

Simple 

Basic 

NTFS 

Healthy _ 

3872 GB 

2777.. 

70% 

>-»New Volume (_. 

Simple 

Basic 

NTFS 

Healthy . 

9.97 GB 

9.88 GB 

99% 

'-'New Volume L 

Simple 

Basic 

NTFS 

Healthy - 

9.97 GB 

9.88 G8 

99% 

■-•New Volume (.. 

Simple 

Basic 

NTFS 

Healthy - 

9.97 GB 

9.88 GB 

99% 

>-» System Reserv... 

Simple 

Basic 

NTFS 

Healthy „ 

350 MB 

109 MB 

31 % 





a Disk 1 



Basic 

New Volume (0:) 


9.97 GB 

997 GB NTFS 


Online 

Healthy (Primary Partition) 


j 



■=■ Disk 2 



Basic 

New Volume (E:> 


9.97 G8 

9 97 GB NTFS 


Online 

Healthy (Pnmaiy Partition) 


“ Disk 3 



Basic 

New Volume (F) 


997 GB 

9.97 GB NTFS 


Online 

Healthy (Primary Partition) 


• Unallocated ■ Primary partition 

V 
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Create Failover Cluster 


1. Log on to SYS1 as Administrator->click Press Windows Key to go to Start^select Failover 
Cluster 

x 



2. Right click Failover Cluster->create Cluster 
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3. Click Next 



4. Click Next->Browse 



Oeaie Clustef Wizard 


■ 


B-f bat You Be-gi 


SdrCt 


VaUatvn /far if g 

Access Peart for 
Aimsee^lhe 
Qufitr 

Cacrtiraccn 
Dealing Me* si« 
Surmary 


Add ’hr cf dl the server lh<r >ou *»<r1 'o hove n the ouSer Y<>j nual gdd at lees one senre r 


Sfro-ee-vernare 
Selected servers 


1 

f JjTwrie 


[ Rarovc 


c Erevoua 


[ Cancel | 


5. Enter SYS2 name and click check names->click OK 


Select Computers 


Select tNs object type : 


Computers 

Object Types 

From this location. 


microsoft.com 

Locations. 

Enter the obiect names to select fexamolesl: 



5Y52I 


Check Names 


Advanced. 


OK 


Cancel 
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6. Click Next 





Select Servers 


Create Cluster Wizard 


Before You Begin 


Select Servers 


Validation Warning 

Access Point for 
Administering the 
Cluster 

Confirmation 

Creating New Ouster 

Summary 


Add the names of aH the servers that you want to have in the cluster You must add at least one server 


Bter server name: 
Selected servers: 



Browse ... 




5YS2.micro3oft com 


Add 


Remove 


< Previous 


Next :> 


Cancel 


7. Select No->click Next {ignore any warnings} 




Create Cluster Wizard 


x 



Validation Warning 


Before You Begin 
Select Servers 


Validation Warning 


Access Point for 
Administering the 
Ouster 

Confirmation 

Creating New Ouster 

Summary 


For the servers you selected for this cluster, the reports from cluster configuration validation tests 
| appear to be missing or in complete Microsoft supports a duster solution only if the complete 
configuration (servers, network and storage) can pass all the tests in the Validate a Configuration 
wizard. 

Do you want to run configuration validation tests before continuing"? 


Yes When I dick Nead. run configuration validation tests, and then return to the process of creating 
~ the duster 

s~\ No. I do not require support from Microsoft forthis duster, and therefore do not want to run the 
validation tests When I click Next, continue creating the duster 


More about Microsoft support of duster solutions that have passed validation tests 


< Previous 


Next > 


Cancel 
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ZOOM 


TECH NOLOGIE! 


8. Enter cluster name example MyCluster-^ enter IP Address (Ex:-10.0.0.50)“^click Next 



9. Click Next 





Confirmation 


Create Cluster Wizard 


Before You Begin 

Select Servers 

Validation Warning 

Access Point for 
Administering the 
Ouster 


Confirmation 


Creating New Cluster 
Summary 


You are ready to create a cluster 

The wizard will create your cluster with the following settings : 


Cluster: mycluster 

Node: SYS2.microsoft.com 

IP Address: 10.0.0.50 




To continue, dick Next 


c Previous 


Next > 


Cancel 
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10. Click Finish 
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.TECHNOLOGIES. 


Adding nodes and disks to cluster 

1. Open Failover Cluster Manager->right click Nodes->add Node 



Failover Cluster Manager 


File Action View Help 



•Cj 

m B 

m 


Failover Cluster Manager 
^ mycluster.microsoft.com 
il Roles 


- Nodes 


I SYS 


Add Node... 


t> ^ Storag 
t> |p Netwo 
III] Cluster 


View 

► 

Refresh 



Help 


Nodes 


Name 

| SYS2 


Status 

(?)Up 


2. Click Browse->enter SYS3 name->click check Names->click Ok->Next 
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3. 


In Confirmation Windows Uncheck the Box add All Eligible Storage^click Next 



4. Click Next 


y 



Confirmation 


Add Node Wizard 



Before You Begin 
Select Servers 


Confirmation 


Configure the Cluster 
Sum maty 


You are ready to add nodes to the duster. 


Node: 


SYS3.microsoft.com 


V 

Add all eligible storage to the duster. 

To continue, dick Next 


c Previous 


Next > 


Cancel 
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5. Verify Nodes (Ex: SYS2,SYS3) 



6. In Failover Cluster Manager->expand Storage-> right click Disks->add Disk 






Failc 


File Action View Help 

«■ * *| a3 a[s 


^ Failover Cluster Manager 
a mycluster.microsoft.com 
^ Roles 

* -31 Nodes 
1 SYS2 
I SYS3 
■* ^ Storage 
ja Disks 


3 Pools 
> ^ Networt 
Oil Cluster 


Disks (0) 



Add Disk 


Move Available Storage 

View 

Refresh 

Help 
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7. 


Select all three disks->click Ok 


Add Disks to a Cluster 


Select the disk or disks that you want to add. 


Available disks: 


Resource Name 

Disk Info 

Capacity 

Signature/ld 

0 Ouster Disk 1 

Disk 3 on node SYS2 

10GB 

[663b4 1 a O-be 56-4 1 30t) 95 7 e e 1 1 a 6 70ee 

0 J j Ouster Disk 2 

Disk 2 on node SYS2 

10GB 

{ 7e a 834248 7e 4G36-b ab 3 -e B5d S89ac 86. . . 

0 Ouster Disk 3 

Disk 1 on node SYS2 

10GB 

{ 86b 793c 7-f 6ab 42a4-a 4SF-01 c54S62db2f ) 


8. Verify Cluster Diskl, Cluster Disk2 and Cluster Disk3 
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9. Right click Cluster Diskl->select Add to Cluster Shared Volumes 


Failover Cluster Manager 


File Action View Help 


&■ + sSl □ T 

li Failover Cluster Manager 
* ^ mycluster.microsoft.com 
5 Roles 
\ ^ Nodes 
* tJ Storage 
a Disks 
§ Pools 
F V Networks 
SI Cluster Events 



10. Verify Cluster Diskl assigned to Cluster Shared Volume 
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11. Repeat same steps on Cluster Disk2 



12. In SYS2 and SYS3 verify two new Shared Volumes in C:\ClusterStorage 


ii S'* * 



C)u$te*Storage 


- ’I* 1 


View 




> e 

n i • h 



»fc] 

| Seated QuawStorage p\ 

w favorites 

■ Desktop 

• Downloads 

It Recent places 

Name 

& Volume 1 

J0 Volume2 


Date modified type 

7/50/201 5 1 1 file (older 

7/30/2015 1t_ file folder 

S*2C 

10.4S0.9. 

10450.9- 


'jt libranes 

• Documents 

£ Music 

Pictures 

M Videos 






* Computer 

im Local Disk (O 
.3 New Volume (D 






*ki Network 






2 items 





B« 
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13. In Failover Cluster Manager->right click mycluster.microsoft.com->click More Actions->click 
Configure Cluster Quorum Settings 



14. Click Select Quorum Configuration Option page->select add or change the quorum 
witness->click Next 
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15. Click Select Quorum Witness Page->select Configure a Disk Witness 


Configure Cluster Quorum Wizard 




Select Quorum Witness 


Before You Begin 

Select Quotum 
Configuration Option 


Select Quorum 
Witness 


Configure Storage 

Witness 

Confirm ation 

Configure Ouster 
Quorum Settings 


Nodes that are configured to be members of the duster: 2 

Nodes that are assigned votes to participate in quorum calculations: 2 

Ouster dynamically manages vote assignment: Enabled 

Select to add or change the quorum witness for your duster configuration The recommendations ane based 
on providing the highest availability for your duster 

(?) Configure a disk witness (recommended foryour current configuration) 

Adds a quorum vote of the disk witness 
O Configure a file share witness (recommended for special configurations) 

Adds a quorum vote of the file share witness 


Summary 


o 


Do not configure a quorum witness (not recommended foryour current configuration) 


Failover Ouster Quorum and Witness Configuration Options 


< Previous 


Next > 


Cancel 


16. Click Configure Storage Witness Page->check the box for Cluster Disk3 
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17. Click Next 



Confirmation 


Configure Cluster Quorum Wizard 


Before You Begin 

Select Quorum 
Configuration Option 

Select Quorum 
Witness 

Configure Storage 
Witness 


Confirmation 


Configure Ouster 
Quorum Settings 

Summary 


You are ready to configure the quorum settings of the duster 


Quorum Configuration: Node and Disk Majority 
Storage: Cluster Disk 3 

Cluster Managed 
Voting: 


Enabled 


Your cluster quorum configuration will be changed to the configuration shown 
above. 


To continue, click Next 


■c Previous 


Next > 


Cancel 


18. Click Finish 
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19. Verify Three Disks in Failover Cluster Manager as below 



19. Install Hyper-VRole in SYS2 and SYS3 

20. In SYS3 create a new Virtual Machine(Ex: Testl) 




Hyper-V Manager 


I- e 


File Action View Help 

+ +1 fl® h3§ 


Hyper-V Manager 
ii SYS 3 


Virtual Machines 


Name 

«r~ 


State CPU Usage Assigned Mem... Uptime 


Running 0 % 


Status 


in 


Snapshots 


The selected virtual machine has no snapshots 


testl 



Created: 7, '30/2015 3:32 18 PM 
Notes: None 


Clustered: No 

Heartbeat OKiApplcatons 
Healthy) 


Summary Memory j Networking | Replication 


Actions 

SYS3 ME 



New 

► 

Li» 

Import .. 


/I 

Hyper-. 



Virtual .. 


JL 

Virtual .. 



Edit DC. 


a 

Inspect.. 


9 

Stop S.. 


* 

Remov... 


Ci 

Refresh 



View 

► 

B 

Help 


testl 

afc. 

*3 

Cormec... 



Setting... 


9 

Turn Of... 


9 

Shut D-. 


© 

Save 



Turns off the selected virtual machine. 
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Configuring Roles 


1. In Failover Cluster Manager->expand mycluster.microsoft.com->right click Roles^click 


2 . 


Configure Role 



Select Virtual Machine->click Next 


I ligh Availability Wizard 



Select Role 


Before You Beg n 


SeltrclRole 


Select Virtual Machine 

Confirmation 

Configure High 
Availability 

Summary 


Select the role tt at you want to configure for high availably 


yGenenc Service 
j Hyper-V Replica Broker 
O-iSCSI Target Server 
C'iSNS Server 
^Message Queuing 
9 Other Server 


Virtual Machine 


WINS Server 


A 


Description 


A virtual machine is a virtualized compute- 
system running on a physical computer 
Multiple virtual machines can run on one 
computer. 


More abo Jt roles fiat you can configure tor high availability 




< Previous 


Nexl> [ 


Cancel 
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3. 


Check the box Testl->click Next 


* 



Select Virtual Machine 


High Availability Wizard 


■ 


Before You Begin 
Se ed Role 


Se'ect Virtual Machne 


Confirmation 

Configure High 
Availability 

Summery 




Select the virtual machine(s) that you waritto conf guie foi high availability 


Name 


Status 

Host Server 


Ivl j tesll 


Running 

SYS3 micro soft com 


Shutdown 

Save 



Rotrosh 


< Previous 


Next > 


Cancel 


4. Click Finish 
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TECH NOLOGIES> 


5. In Failover Cluster Manager->Verify Testl under Roles and Owner Node SYS3 



6. In Failover Cluster Manager->expand mycluster.microsoft.com^select Roles-^ under Roles 
right click Testl->click Move->select Virtual Machine Storage 
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7. 


In Move Virtual Machine Storage Page->expand Virtual Machine Testl-> right click 
Testl^click Copy 


Failover Cluster Manager 



Move Virtual Machine Storage 


In the upper pane, select a virtual machine or specific files on a virtual machine, then drag and < 
pane. Review the upper pane to confirm that the Destination Folder Path is correct. Then click ' 

Copy 


Rie Type 

Q j Virtual Machine testl 
5 testl vhdx 
£9 Snapshots 

Second level paging 
Current configuration 


Source Folder Path Destination Fclde 



C:\ProgramData\Miaos. 


s 




8. In Cluster Storage-^select Volumel^ right click-^click Paste 



9. Verify testl.vhdx in Volumel 


^ Add Share F Open [] ^ 


-a Cluster Storage 

Name 

Size 

) Volumel 

testl.vhdx 

6 GB 

> ) Volume2 





Start 

Cancel 
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Verification: 



Quick Migration 


1. In SYS2 open Failover Cluster Manager->expand mycluster.microsoft.com^select 
Roles->under Roles verify Testl Owner Node is SYS3 



2. Disable SYS3 Lan Card->in SYS2 open Failover Cluster Manager->under roles verify 
TestlOwnerNode becoming from SYS3 to SYS2 automatically. 
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Live Migration 

3. In SYS2 open Failover Cluster Manager->click Roles->right click Testl^click Move->click Live 
Migration->select Best Possible Node 



4. Verify Testl status and Owner Mode changes to SYS3 
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Lab - 82: Configuring Windows Server Backup and Recovery 


Objective: 

ToProtect files by taking backup using Windows Server Backup 

Prerequisites: 

Before working on this lab, you must have 
• A Computer with Windows Server 2012 Domain Controller 

Topology: 



SYS1 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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Installing Windows Server Backup 

1. Login as Administrator, go to ServerManager Dashboard and click Add roles and features. 




Server Manager 


1 M 


Server Manager * Dashboard 


) 1 | ^ Manage loots View Help 



| local Server 
li AH Servers 
Hfl ADDS 
& DNS 

B| Hie md Slouge Services (■ 


WELCOME TO SERVER MANAGER 


<JUK K MARI 

O Configure this local server 


: 2 Add roles and features 

WHATS NEW 

3 Add other servers to manage 

4 Create a server group 

Hide 

U4RN MORE 


ROLES AND SERVER GROUPS 

Holes: 1 | Server groups I | Servers total 1 


iff AD DS 1 


£ DNS 1 

0 Manageability 


@ Manageability 

Events 


Events 

Services 


Services 

Performance 


Performance 

BPA results 


BPA results 


2. In Before you begin page, click Next. 
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3. Select Role-based or feature-based installation, click Next. 


r- 


Add Roles and Features Wizard 


L=!h 


X 


Select installation type 


DESTINATION SERVER 
SVS1.V1icroscft.com 


sefore you Begin 


installation Type 


Server Selection 


Select the retaliation type You car install roles and features on a running physical computer or virtual 
machine, cr on an offline virt ial hard dick (VHD). 


Roic-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

install required role services for Virtual Desktop infrastructure (VDI) to create a 
virtual machine-based or session-based desktop deployment. 


< Previous 


Next > 


install 


Cance 


4. In Select destination server page, select a server (SYSl.Microsoft.com) from the server pool 
and click Next. 
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5. In Select server roles page, click Next. 



6. In Select features page, check the box Windows Server Backup and click Next. 
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7. Check box Restart the destination server automatically if required, click Install. 



8. Click Close to complete the feature installation. 
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How to Backup Data using Windows Server Backup 

1. Go to Start, type Windows Server Backup in Search Apps, select Windows Server Backup. 


Search 


Apps Results for Windows Server Backup Apps 


Windows Serve* 
Backup 


Windows Server Barkup| 


TT«i Apps 


Settings 


Internet Explorer 


2. Select Windows Server Backup, (or) to use online backup click Continue under Online backup. 


wbadmin - (Windows Server Backup (Local)) 


I I — 


File Action View Help 


Windows Server Backup 
Local Backup 


Local Backup 

Last Backup Status: 

Next Backup Time: 

Number of available backups: 


Actions 

Windows Server Back. 


View 
U Help 


Online Backup 

You can now backup your critical data to online storage automatically. More Informati 

(J) You need a user ID to register your server and start using the Windows Azure Online 
agent. 

Continue 
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3. Select Local Backup, and click Backup Once. 



wbadmin - (Windows Server Backup (LocalKLocal Backup! 

31-la j x | 

£ile Action View Help 

** filEl HIseI 




# Window; Server Backup | 
^ Local Backup 


Local Backu 




You can perfoim a single backup or schedule a tegular 


, No backup has been configured for this computer Use the Backup Schec 
backup 

I 

Messages (Activity from last week, double dick on the message to sec detai 


Time 


Message 


Description 


Status 

Last Backup 

Status: 


Next Backup 

Status 


Actions 
Local Backup 

i- Backup Schedule.. 
to Backup Once . 

8* Recover.. 

Configure Performance Settin... 
View ► 

Q Help 


4. Select Different Options, click Next. 




Backup Once Wizard 


I? 


Backup Options 


Backup Options 


Select Backup Configur... 
Specify Destination Type 
Confirmation 
Backup Progress 


Create a backup now using: 

O Scheduled backup options 

Choose this option if you have created 
a scheduled backup and want to use 
the same settings for this backup. 

Different options 


Choose this option if you have not 
More about backing up vour server u 



< Previous 


Next > 


Backup 


Cancel 
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5. Select Custom, click Next. 




In Selects items for Backup, click Add Items. 


0 
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TECH NOLOGIES. 


7. In Select Items window, check the box imp data folder, click OK. 



Select Items 


Specify items to include in the backup by selecting or clearing the associated check boxes. The items that you 
have included in the current backup are already selected. 



8. In Select Items for Backup page, click Next. 


■ 




Backup Once Wizard 




Select Items for Backup 


Backup Options 
Select Backup Configur... 


Select Items for Backup 


Specify Destination Type 
Confirmation 
Backup Progress 


Select the items that you want to back up. Selecting bare metal recovery will 
provide you with the most options if you need to perform a recovery. 

Name 
^Data (E:) 


Add Items 


Remove Items 


Advanced Settings 


Choosing what to include in a backup 


< Previous 

Next > 

Backup 

Cancel 
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9. In Specify Destination Type page, select Local drives, click Next. 


■ 




Backup Once Wizard 


& 


Specify Destination Type 


Backup Options Choose the type of storage for the backup: 


Select Backup Configur... ® Loca) drives 


Select Items for Backup 


Specify Destination Type 


Select Backup DestinatL 
Confirmation 


Example: local disk (D:). DVD drive (E:) 


O Remote shared folder 

Example: \\MyFileServer\SharedFolderName 


Backup Progress 


Choosing a storage location 


< Previous 


Next > 


Backup 


Cancel 


10. In Select Backup Destination, select Backup destination Backup Drive, click Next. 




Backup Once Wizard 


m 


& 


Select Backup Destination 


Backup Options 
Select Backup Configur .. 

Select Items for Backup 
Specify Destination type 


Select Backup Pest i not i.. 


Confirmation 
Backup Progress 


Select a volume to store the backup An external disk attached to this computer 
is listed as a volume. 

Backup destination: 

Total space In backup destination 

Free space in backup destination: 3.94 GB 


Backup (F:) 


4.00 GB 


< Previous 


Next 


Backup 


Cancel 
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11. In Confirmation page, click Backup. 



Confirmation 


Backup Once Wizard 


x 


Backup Options 

Select Backup Configur... 

Select Items for Backup 
Specify Destination Type 

Select Backup Destinati... 


Confirmation 


Backup Progress 


A backup of the items below will now be created and saved to the specified 
destination. 


File excluded: 

None 

Backup destination: 

Backup (F:) 

Advanced option: 

VSS Copy Backup 

Backup items 


Name 


>^Data (E:) 



< Previous 


Next > 


^ 

Backup 


Cancel 


12. Finally click Close. 


■ 


te* 


Backup Once Wizard 


& 


Backup Progress 


Backup Options 

Select Backup Configur ... 

Select Items for Backup 
Specify Destination Type 

Select Backup Destinati.. 
Confirmation 


Bai kup Progress 


Status; Completed. 

Status details 

Backup location: F: 

Data transferred: 48.94 MB 
Items 


Item 
Data (E:) 


Status 

Completed. 


Data transferred 
48.94 MB of 48... 


< Previous 


Next > 


Close 


Cancel 
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How to Recover the Data from Backup File 

1. Before Restoration, go to the drive and delete the data, (only for Lab purpose) 

2. Go to Windows Server Backup, select Local Backup, and click Recover. 


3. 


41 

wbadmin - [Windows Server Backup (Local)\Local Backupl 

-!***■ 

File fiction View Help 

** fiH Qli 




# Windows Serve* Backup 
Local Backup 


Local Backu 




You can perform a single backup or schedule a regulai 


^ No backup has been configured for this computer Use the Backup Sche 
backup 

■ 

Messages (Activity from last week, double dick on the message to see deti 


Actions 
Local Backup 

lb Backup Schedule .. 
tf» Backup Once.. 

Configure Performance Setfin.. 

View * 

□ Help 


Time ’ Message 

(D 5/28/2013 200 AM Backup 


Status 


Description 

Successful 


Last Backup 

Status: O Successful 

< | ai 


Recovers data from an existing backup. 


Next Backup 

Status: Not scheduled - j 


In Getting Started page, select This server, click Next 
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4. Select Date and Time of the Backup file to be restored, click Next. 



5. In select Recovery Type, select Files and folders, click Next. 



0 
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6. Select the folder or files to be recovered and click Next. 



7. Select Original location, click Next. 
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8. In Confirmation page, click Recover. 



9. Click Close. 



Verification: Go to the drive and verify for the folder and files. 
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Lab - 83: Configuring Network Load Balancing 


Objective: 

To Balance the Load between Web Servers using Network Load Balancer 

Prerequisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server or Member Server. 

Topology: 



SYS1 (Web Server) 

Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


SYS2 (Web Server) 

Member Server 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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SYS1 and SYS2 Configuration 

1. Login as Administrator, go to Server Manager Dashboard and click Add roles and features. 


h. 

Server Manager 

- 1 * 1*1 


Server Manager * Dashboard 

* (5) | ^ Marwgp loots Vew Help 


IB Dashboard 


| Local Server 
la All Servers 
HI ADDS 
A DNS 

i| hie and Stoiage Services <- 


WELCOME TO SERVER MANAGER 


<JUK K SI All 

O Configure this local server 


WHATS MEW 

' 2 Add rote and features 

3 Add other servers to manage 

4 Create a server group 


■ 


Hide 




ROUS AND SERVER GROUPS 

Roles: 3 | Server group*: 1 | Servers rot at I 


igi AD DS 1 


£ DNS 1 

(t) Manageability 


© Manageability 

Events 


Events 

Services 


Services 

Performance 


Performance 

BPA results 


BPA results 


2. In Before you begin page, click Next. 
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3. Select Role-based or feature-based installation, click Next. 


r- 


Add Roles and Features Wizard 


L=!h 


X 


Select installation type 


DESTINATION SERVER 
SVS1.V1icroscft.com 


sefore you Begin 


installation Type 


Server Selection 


Select the retaliation type You car install roles and features on a running physical computer or virtual 
machine, cr on an offline virt ial hard dick (VHD). 


Roic-based or feature-based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

install required role services for Virtual Desktop infrastructure (VDI) to create a 
virtual machine-based or session-based desktop deployment. 


< Previous 


Next > 


install 


Cance 


4. In Select destination server page, select a server (SYSl.Microsoft.com) from the server pool 
and click Next. 
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5 . 


6. 


In Select server roles page, click Next. 



In Select features page, check the box Network Load Balancing and click Next. 




Add Roles and Features Wi7ard 


- a 


X 


Select features 


DESTINATION SERVER 
sysunicrosoflcom 


Before Ybu Begir 
Installation Type 
Server Selection 
Server Roles 


Features 


Confirmation 


Select one or more features to install on ttie selected server 

Features 

I I Failover Clustering 
3 Group Policy Management (Installed) 

I Ink and Handwriting Services 
I I Internet Printing Client 

0 IP Address Management (IPAM) Server 

□ ISNS Server service 

1 I LPR Port Monitor 

I Management OOata IIS Extension 
I I Media Foundation 
> □ Message Queuing 
1 I Multipath I/O 

a 

0 Peei Name Resolution Protocol 

1 I Quality Windows Audio Video Experience 

□ HAS Connection Manager Administration Kit (CMAK) 

1 Remote Assistance 

cl III ~ I> 


Description 

Network Load Balancing (NIB) 

distnbotes traffic across several servers, 
using the I CP/IP networking protocol. 
NLB is particularly useful for ensuring 
that stateless applications such as Web 
servers running Internet Information 
Services (IIS), are scalable by adding 
additional servers as the load increases 


< Previous 


Next > 


Install 


Cancel 
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7. Check box Restart the destination server automatically if required, click Install. 




Add Roles and Features Wizard 


- a x 


Confirm installation selections 


DESTINATION SERVER 
sysl.nracrosofUom 


Before Begir 
Inst* 1 atton Type 
Server Se teener 
Server Roles 
Featjres 


Confirmation 


To install the following roles, role services, or features on selected server, dick Install. 

I~~l Restart the destination server automatically if required 

Optional features (such as administration tools) might be displayed on this page because they have been 
selectee automatically. It you do not want to install these optional features dick Previous to dear their check 
bones. 

Network Load Balancing 
Remote Server Administration Tools 
Feature Administration Tools 

Netwoik Load Balancing Toots 


Export configuration settings 
Specify an alternate source path 


< Previous 


install Cancel 


8. Go to Start, click Network Load Balancing Manager. 


Start 


administrator 


L 

V 


Servei Mar «qei 

Windum 

PowefS hell 

Adrre rut trot rve 

Tools 

Q 



Computer 

Task Manager 


W 

B 


Control PanH 

Internet explorer 


Domain Controller 


UeaXtcp 




& 

Ffc- Server 

Resource... 

Window* Server 
Backup 

?_ 


DHCP 

Window* 

Deployment. 

t L 

Network load 

Bab-ee*} .. 





Activate Windows 

Go to Action Center to activate 
Windows. 
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9. Click Cluster, select New. 



10. Enter the host name Sysl.microsoft.com and click Connect and Next. 
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11. Verify the Priority and click Next. 



12. Click Add 



13. Enter Cluster IP Address (Ex: 10.0.0.100) and Subnet (Ex: 255.0.0.0) 
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14. Enter the Full Internet Name (Ex: www.microsoft.com) 



15. Click Finish. 



New Cluster ; Port Rules 

Defined port rules 



Port rule description 

TCP and UDP traffic drected to any cluster IP address that arrive* on ports 0 througn 65535 
is balanced ac-oss mutfcpie members of the duster according to the load weight of each 
member Client P addresses are used to assign client connections to a specific cluster host 









<Back 

Finish 


Cancel 


Help 





" W J 


- 
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16. Verify for Sysl added as host in Cluster. 


17. 


Network Load Balancing Manager 


L^isj 


Eile Cluster Host Options Help 


Network Load Balancing Clusters 
- ?4i www.rrucrosoft.coin {10.0.0.100! 


SYS1 (Ethernet) 


Portiutes configured on SYS1 (Ethernet) 

Clusta IP address Status Start End Protocol Mode 

All Enabled 0 65535 Both Multiple 


Priority 


Load 

Equal 


Aftnrl 

Singl 


Log E_ 

Date 

Time 

Cluster 

Host 

Description 

0001 

8/1/20. 

64926 .. 



NLB Manager session started 

0002 

8/1/20- 

6:4926 -. 



Loading locally bound instances 

0003 

8/1/20. 

70337 .. 

100.0.100 

SY51 

Begin configuration change 

0004 

8/1/20- 

703:46.. 

10.0.0.100 

srsi 

Waiting for pending operation 2 

0005 

8/1/20- 

7:04:03 .. 

100.0.100 

SY51 

Update 2 succeeded (double dick for details...] 

0006 

8/1/20. 

7 0403.. 

100.0.100 

SY51 

End configuration change 


Right click on the Cluster (Ex: www.microsoft.com), select AddHosttoCluster. 



Host Description 

NLB Manager session started 
Loading locally bound instances 

Loading configuration information from host ' sysl. microsof loom" for cl... 


Log E.. Date Time 

0001 8/1/20.. 729:17.. 

0002 8/1/20.. 729:17.. 

0003 8/1/20.. 7:2929.. 


Cluster 
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ZOOM 


TECH NOLOGIE! 


18. Enter Host name SYS2, click Connect and Next. 



19. Verify the Priority and click Next. 




Click Finish 
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ZOOM 


TECH NOLOGIES> 


21. Verify the hosts in status of Converged. 


Network Load Balancing Manager 


_ a 


Eile Cluster Host Options Help 


www.microsoft com (10 0.0.100) 


& Network Load Ba ancmg Clusters 

- h r 

S SVS1 (Ethernet) 

JsJ SYS2 (Ether net) 


Hotf configuration information forhosiain duster ww* micros oft com (10 0 0 100) 


Host |lntertaee) 

@SYS1(Bheirte() 

gjSVS2(E*iemeI) 


Status 

Converged 

Converged 


Dedicated IP addre 
10001 
100 02 


Dedicated IP subne 
256 0 0 0 
255 0 0 0 


Host pno 
1 
2 


Init a I host sta 

started 

started 


Log E_ 

Date Time Cluster 

Host 

0002 

8/1/20... 7:29:17. 


0003 

8/1/20.. 72929. 


0004 

8/1/20. 7:32:12 _ 10.0.0.100 

SYS2 

0005 

8/1/20.. 7:3212. 10.0.0.100 

SYS2 

0006 

8/1/20 7:32:28 _ 10.00100 

SYS2 

0007 

8/1/20.. 7:3228. 10.0.0.100 

SYS2 


Description 

Loading locally bound instances 

loading configuration information from host “sysl .m icro5off.com" for cl.. 

Begin configuration change 

Waiting for pending operation 2 

Update 2 succeeded [double click for details. ] 

End configuration change 


22. Configure DNS Host record for Cluster IP Address. 


A 


DNS Manager 


X 


File 


Action View 

*3 x 


Help 


U th li; 


L DNS 
•1 | SYS1 

• t Forward Lookup Zo 
!• - _msdcs micro soft 
F .. miaosoft.com 
v ~ Reverse Lookup 
t> _j Trust Points 
v " Conditional Forvj 
t- Global Logs 


ill 


Name 
,.J msdcs 

D3 _sites 
_i _tcp 


Type 


Data 


Timestamp 


Update Server L>ata File 

Reload 

New Host (A or AAAA)._ 
New Alias (CNAME). 

New Mail Exchanger (MX)_ 
New Domain. 

New Delegation. 

Other New Records. 

DNSSEC 

All Tasks 

View 

Delete 

Refresh 

Export List.. 

Properties 

Help 


Authority (... 
(NS) 


[78J, sys 1. micro soft c_ 
sysl.microsoft com 
10.0.0.100 
10.0.0.1 
10.0.0.1 
10.0.0.100 
10 . 0.02 


static 

static 

8/1/2014 7:0000 PM 
8/1/2014 70000 PM 
static 
static 

8/V2014 7:00.00 PM 


Create a new host resource record. 


23. Verify for the Host record www.microsoft.com mapped to 10.0.0.100. 
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ZOOM 


TECH NOLOGIE! 


Lab - 84: Installing Active Directory Certificate Services 


Objective: 

To Provide Digital Certificates to Users using AD Certificate Services 

Pre-requisites: 

Before working on this lab, you must have 

• A computer running windows 2012 server Domain Controller. 

• A computer running windows 2012 server or windows 7. 

Topology: 



MICROSOFT.COM 


SYS1 


SYS2 


Domain Controller 

IP Address 10.0.0.1 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 


Member Server / Client 

IP Address 10.0.0.2 

Subnet Mask 255.0.0.0 

Preferred DNS 10.0.0.1 
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ZOOM 


TECH N OLOG IE! 


1. In Server Manager Dashboard, click Add roles and features. 




Server Manager 

L=i®_! x 


M Dashboard 

•®l r 

r 

Manage Tools View Help 


ISS Dashboard 


| Local Server 
|i All Servers 

rgi ADDS 

DNS 

File and Storage Services > 


WELCOME TO SERVER MANAGER 



Q Configure this local server 

QUICK START 



2 Add roles and features 


3 Add other servers to manage 

WHAT'S NEW 



4 Create a server group 


Hide 

LEARN MORE 



ROLES AND SERVER GROUPS 


tales: 3 | Server groups: 1 

Servers lota 

: 1 





rgi ADDS 

1 



DNS 

1 


© Manageability 


© 

Manageability 


1 v 


2. In Before you begin page, click Next. 


Add Roles and Features Wizard 


- a 


X 


Before you begin 


DESTINATION SERVER 
syst MicrosofUom 


Before Vbu Begin 


Installation Type 
Server Selection 


This wizard helps you install roles role services, or features. You determine which roles, role 
services, or features to install based on the computing needs of your organization, such as 
sharing documents, or hosting a website. 

To remove roles role services, or features: 

Start the Remove Roles and Features Wizard 


Before you continue, verify that the following tasks have been completed: 

• The Administrator account has a strong password 

• Network settings, such as static IP addresses, are configured 

• The most current security updates from Windows Update are installed 

If you must verify that any of the preceding prerequisites have been completed, close the 
wizard, complete the steps, and then run the wizard again. 


To continue, click Next. 


FI Skip this page by default 


< Previous | [ Next > i] 


Install 


Cancel 
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3. 


In Select installation type, select Role-based or feature-based installation, click Next. 


Add Roles and Features Wizard 


L- 


Select installation type 


DESTINATION SERVER 
syslMcrosoftcom 


Before Msu Begir 


Installation Type 


Server Se-ecat?" 


Select the installation type You can install toles and features on a running physical computer 01 virtual 
machine, or on an offline virtual hard disk (VHD). 

* Role-based or feature- based installation 

Configure a single server by adding roles, role services, and features. 


Remote Desktop Services installation 

Install required role services for Virtual Desktop Infrastructure (VDI) to create a virtual 
machine- based or session based desktop deployment. 


[ < Previous 


Next > 


Install 


Cancel 


4. In Select destination server, from Server Pool select SYS1, click Next. 


Add Roles and Features Wizard 


- a 


X 


Select destination server 

Select a server or a virtual hard disk on which to install roles and features 

• Select a server from the server pool 
O Select a virtual hard disk 

Server Pool 

Filter: 

Name IP Address Operating System 


sys1.Miaosoft.tom 10.0.0.1 Miaosoft Windows Server 2012 Stand aid Evaluation 


1 Computer(s) found 

This page shows servers that are running Windows Server 2012, and that have been added by 
using the Add Servers command in Server Manager. Offline servers and newly-added servers 
from which data collection is still incomplete are not shown. 


Before Vbu Eegir 
Installation Type 


Server Selection 


Server Roles 
Features 


DESTINATION SERVER 
sysl MktosofUom 


< Previous 


Next > 


Install 


Cancel 
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5. Check the box Active Directory Certificate Services 

Add Roles and Features Wizard 


l ” L*- 


£1 


Select server roles 


D«TlN*riOH &£*vf« 


Before 'Ou 5«*«ct one o» mom rol«* to install on tr« selected server. 

Description 

Act v? Ci rectory Certiorate Seaicet iAD CS it used to 
create certification autfwrtie* and re sted role servees 
that alien you to issue and manage certificates used in 
a va rely a 4 app cations. 

(3 J Active Directory l«)hhheight Directory Services 
Q Active Directory Rights Management Services 
C ] Application Server 

□ DhCP Server 

[y] DNS Server tlnslaHed) 

□ Pax Server 

t> [y] P4c And Stooge Services (Installed) 

D N*yper-V 

Cl hJetMork Oobcy and Access ServKes 

n Print and Document Services 

□ demote Access 
(3 ) Remote DeOrtop Services 

□ Volume Actuation Servees 

□ Web Sen^r (MS) 

□ Windows Deployment Services 
D Windows Server Update Services 


lns*slia*cr ~ype 
s erver seercr 


□ a 


tive Directory G*itif«cdte S*^v*te* : 


|y| A.-nve Oeeccrry Dema n sernres (Incta ed) 

□ Active Oeectory federation Services 


< Previous Next > 


Carre 


6. Click Add Features, to install the required features for Active Directory Certificate 
Services->Click Next. 


r~ 


Add Roles and Features Wizard 


Add features that are required for Active Directory 
Certificate Services? 

The following tools are required to manage this feature, but do not 
have to be installed on the same server. 


a Remote Server Administration Tools 
a Role Administration Tools 

a Active Directory Certificate Services Tools 

[Tools] Certification Authority Management Tools 


|y| Include management tools (if applicable) 


I Add Features 


Cancel 
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7 


Click Next 



& 


Add Roles and features Wizard 


I I — 


Select server roles 


D«riN*riO *4 SeflvER 

»«T«rfUBTl 


B«fcr# s o- B«gtr 
Ins'iHa’cr "ype 
S#rv*' 5 ##c*cr 


Server Rotes 


F^at^rts 

ADCS 

Rolf Services 
CoHirr-^'jon 


Select one or more roles to install on t re selected server. 
Rotes 



Description 

Art /ve Directory Certificate Scacri (AD CS) r. used to 
create certificaien authorities and re sted role services 
that alow you to issue and manage rertrfirates uses in 
a va rely of app cat ens 


*2" 


w. 1 


8. Click Next 


i 


Add Rotes and features Wizard 


I I M 


Select features 


D£S TlN*rON SeflvER 

StSt m*ram^learT> 


Befcre o- 2*gr 
Install* cr ”ype 
Sffn^a- :*t*^rcr 
Server Rtf *5 


Features 


ADCS 

Role Services 
Cc' , %r-.ac»on 


Select one or more features to -stall on the seected serve- 


Features 



Description 

N-I f ^,,.ert: I *- combines the power ct the NET 
F rameworV 2.0 APIs with new technology* for build ng 
applications that offer appea »ng user interfaces 
protect your customers personal i dentrty ir<orrratio- 
enable seam less and secure communication and 
provide the ab*ty to model a range of business 
processes 


* ■ 
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9. Click Next 


Add Roles and features Wizard 


L-iSJ 


Active Directory Certificate Services 


3KTlN*r,OH &£Avf« 


Active Directory Certificate Services (AD C5] pri des the certificate ‘nf-astru-it-re to enable scenarios such as secure w dess networks. virtual private 
networks. Internet Protocol Security (IP5eO Network Access Protection (NAP) encrypfeng file system (EPS) and smart card I09 on. 

Things to notfc 

• The "arr and oomi n settings of this compeer cannot be changed after a certification authority (CA) has been installed If you want to change 
the computer nann r so a ooitunn, or promote this server to a doms n controller complete these changes before insta ng the CA For more 
information see certification authonty naming 


ADCS 


Role Zernces 
Co r^rr-^tion 


Before '€•- Begin 
ln«-alls'cr ”,pe 
server sheerer 
Server Poes 
Pear-res 


Active Oi rectory Certificate Serv ces Overview 


* Previous ^ Hnt > j Carre- 


10. Check the boxes Certificate Authority, Certificate Enrollment Policy Web Service, Certificate 
Enrollment Web Service, Certification Authority Wen Enrollment, Network Device 
Enrollment Service & Online Responder->click Next 


m 


Add Roles and features Wizard 


I I M 


Select role services 


DfSTl NATiON ,£«t 
S*ST >M'wA : <m 


Before "Cu Bkgr 
InstaPatcr ",pe 
Ser\«r 5#«tcr 

Server Po>« 

Fear-res 

ADCS 


Role vices 


v.et Server Bee :nS 
Role Services 
Ccrfirr-^oon 


Select the role serv ices to n»tai for Active Directory Certificate Services 
Role services 

0 Cert if cat on Authority 
0 Certificate Enrollment Policy Wets Service 
0 Ce«vf<ate Enrolment VVet> Serv<e 
0 Certification Authority Web Enrollment 
0 Network Device Enrolment Service 

0 23325553 


Description 

Orl ne Responder makes certificate revocation 
cheeking data accessible to clients in eompe* network 
environments. 


< Previous 


I 
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11. Click Next 



% 


Add Roles and features Wizard 


I I M 


Web Server Role (IIS) 


3KTiN*r,OH ££*v£« 

irtl iwrurftiom 


Before o- Begin 
In** all 5* cr Typt 
Server severer 
Server Po*« 
Features 
AO CS 

Role Services 


Web Server Role (US 


Role Services 


Web server* arm computer* that let you share .^formation over the Internet or through intranets and extranet* The Web Server role includes Internet 
Information Services |I!S) BC with enhanced security. d agnostic and admnistration a unified Web platform that integ*a*.es IIS 6.0 ASP N£T. and 
Wfldcm Com -nun ;aban Faundaban. 


Things to note. 

• Using Windows System Resource Manager (WSRM) can help ensure equitable servicing of Web server traffic 
especially when there are multiple roles on this computer. 

• The default installation for the Web Server (IIS) role includes the installation of role services that enable you to serve 
static content make minor custom izat ions (such as default documents and HTTP errors) monitor and log server 
activity, and configure static content compression 


Cc^rr^-j^n 


Mare mlorrnation about Web Server US 


12 . 


< previous [ Sent > j CancH 


Click Next 



m s ___ s 

Add Roles and features Wizard 

-l«l * | 


Select role services 


DKTIN4TON &£"vE« 

5*5' tarr 


Before cu Begir 

Select the role services to inatafi f or Web Server (IIS) 


Install 3* on ",pe 

Role services 


server 5e^rrcr 

Server Ro»es 

■* E 

<s 

4 ^ Common HTTP Features 


features 

2 Default Document 


AO CS 

y" Directory Browsing 


Role Services 

2 HTTP Errors 


Wet Server Rde :»S 

2 Static Content 


Role Services 

2 HTTP Redirection 

1 

Ccnfirr-.adon 

□ WebDAV Pjbi»r>*ng 

4 2 Health and Diagnostics 



2 HTTP Logg> ng 

1 ! Custom Logging 

2 Loggmg Took 

□ COBC Logging 

2 Request Monitor 

2 Tracing 

L 


4 3 Performance 



2 Static Content Compression 
□ Dynamic Content Compression 



4 3 Security 



2 Request Rftenng 

□ Basic Authentication 

□ Centra lied SSL Certificate Support 

2 Cbent Certificate Mapping Autherticaton 

1 ! Digest Aulhentoition 

2 MS Client Ccrt-fKate Mapping Authentication 



1 1 

V 


Description 

Web Server provides support for HTML Web sites and 
optional support for ASP NCT, ASP. and Web server 
extensions You can use the Web Server to host an 
internal or external Web site or to provide an 
environment for developers to create Web-based 
applications 


< Previous | Njext > J .'■troll Cancel | 
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13. 


Check the box restart the destination server automatically if required->click Next 


Add Roles and features Wizard 


bdi 


Confirm installation selections 


3KTiN*riO* 


Befcre e*gr 

lnsTj#at«cr 
Server sheerer 
Server Poes 
Feat-res 
AO CS 

Role Services 
v.et Server flee :nS 
Role Services 


Ccnfinrdaon 


To ratal) tti« Wtovcng roles tele servica. or features on se acted server clot I ratal 


H Restart the destination server automatically if required 

Optional features (such as adn* oistration tools} might be displayed on this page because thev hate been selected automatically. It you do not want 
to "stall these optional features, dick Previous to dear the v Chech bones. 


NET framework 4 i features 
ASP NET 4.5 
WCF Services 
HTTP Activation 

Active Directory Certificate Services 
Certification Authority 
Network Device Enrollment Service 
Certificate Enrollment Policy Web Service 
Certificate Enrollment Web Service 
Online Responder 

Certification Authority Web Enrollment 
Remote Server Administration Tools 
Role Administration Tools 

Active Directory Certificate Services Took 
Certification Authority Management Tools 
Online Responder Toots 

Web Server (IIS) 


.T 


V 


Export configuration settings 
Specify an alternate source path 


« Previous rrt > 


Install Cancel 


1 


14. Click Configure Active Directory Services on the destination server 


Add Roles and features Wizard 


— 


Installation progress 


destination se*vi« 

S*S' hucrwi^l tarr 


Re:. Lite 


V»«w installation prograss 
Feature installation 

Camigjr y.ign required retaliation succeeded on SVS1 .microso»t.com 

Active Directory Certificate Services 

Additional steps are required to configure Active Directory Certificate Services on the destination server 

fcanfigum Artk'tf tirectcvy Cert Acne r erv e\ or rr dcstirsticn w" n 

Certification Authority 
Network Device Enrollment Service 
Certificate Enrollment Policy Web Service 
Certificate Enrollment Web Service 
Online Responder 

Certification Authority Web Enrollment 
.NET Framework 4.5 Features 
ASP.NET 4.5 
WCF Services 

HTTP Activation 

Remote Server Administration Tools 
Role Administration Tools 

Active Directory Certificate Services Tools 
Certification Authority Management Tools 
Online Responder Tools 

You can close this wizard without interrupting running tasks. View task progress or open this page again by 
^ clicking Notifications in the command bar, and then Task Details 

Export configuration settings 


< Previo«j* | Next » 


Close | Caned 
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15. Click Next 


Credentials 


AO CS Configuration ~ I ° x 

DC ST IN AT ION SERVER 
SYSLmioosoftciwi 


credentials 


Rcle 3«r 


Specify credentials to configure rote services 


To ratal tti« foltcn nq role screen you must belong to the local Administrator group 

• Standalone certification authority 

• Certification Authority .Veb tnra‘Wne~t 

• Online Responder 

To rated ttie k> <v. r*g role sereces you must belong to the Enterprise Adm nj group: 

• Fnterphvf certtficahon authority 

• Certificate F * roAmenf P» icy Web Server 

• Certificate EnroAment Wee Sente 

• Network Device Enrolment Service 


Credentia l, MICROSCn\Ad"- "r'rrator 


LOwSfe- 1 


More about AD CS Server Roles 


Caned 


16. Check the boxes Certificate Authority, Certification Authority Wen Enrollment & Online 
Responder->click Next 


AD CS Configuration 


- a 


Role Services 


DESTINATION SERVER 
SYSlanicfosoft.com 


chasms.* Select Role Services to configure 


Rc4e Services 


M Ceruficarion Aurhenty 
W Certification Airhonty Wet> Enroll tv*t 
lad Online Responder 
n Network Dev<e EnroBmenr Service 
[□ Certificate Enrollment Web Service 
FI Certificate Enro'tment Poicy Web Service 

Va rdc, Period 
Certificate Database 
Ccrfirr-ador 


S«-0 typA 
CA Type 
Prv2T» Key 

Cryptography 
CA Name 


More about AD CS Server Roles 


; Configure | I 
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Click Next 


ZOOM 


Setup Type 


AD CS Configuiation 


- Iff 


DESTINATION SERVER 
SYSljniciosoft.com 


COMfiTM S 

Rcte Services 


Setjp 


CA Type 
Private Key 
Cryptography 
CA Name 
Validity -eriod 
Cernfl ca:e Database 
Cc^rr-^jon 


Specify the setup type of the CA 


Enterprise certification »uthp-: cs (CAs) can use Active Directory Dom»n Sc -.ten AD D5) to tmpitfy the management of certif „«tes Standalone 
CAs do not use AD DS to Uwt or manage certificates. 

• ["TtfpwCA 

Enterprise CA* mint be domain members and are typ*&Vy online to t*ue certificates nr certificate poiiors 
O Standalone CA 

Stanton* CAs can be members or a workgroup o« domain Standalone CAs do no' requrre AO DS and can be used without a network 
connection (offline). 


More about Setup Type 


< Previous [ Sett > j Cancel 


Click Next 




ADCS Car figuration 



DESTINATION SERVER 

CA Type SYSIjmciosoft.com 


Crederoa S 
Rote Serve es 
se^g ’o* 


CATyfK 


Private Key 
Cryptography 
CA Name 
Validity Period 
Certificate Database 
Ccrfirr-Adon 


Specify the type of the CA 


When you invta Active Dvectory Certificate Services (AD CS) you are creating or extend ng a pub <c key infrastructure iPKI) - each, A root CA <s at 
the top of the PM Hierarchy and issues is own self-signed certificate A subordinate CA recedes a certificate from the CA above it m the PM 
hierarchy 

• BoorCA 

Root CAs are The f rst and may be the only CAs configured « a PK1 hierarchy 
O Subcrdmete CA 

Subordinate CAs require an established PM hierarchy and are authorized to issue certificates by the CA abore them at the hierarchy. 


More about CA Type 


.r*™-, I u«> ! c«.c* 
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19. Click Next 



r- 


AD CS CofihquiJticxi 


I I M 


Private Key 


ESTIMATION SERVER 
SYSljmciosoft.com 


CreoertiB s 
Rcte Services 
s *?-0 Type 
CAType 


Pnvato Key 


Cryptograph' 

CA Name 
va dir, -enod 
Cerrfl ca:e Ca:aba*e 
Cc^rr-^jon 


Specify the type of the private key 

To oene ste axJ iuuc certif cates to cJ«e-ta s certiScation authority (C A) must have a private key. 

Qrme a nrw prWote key 

Use this optiv if you do not '•A.r a private key or want to create a new prrvate key. 

O Use CKBtmg pnvate key 

Use tbs option to ensure continuity with previously >ssued certificates when remstaMmg a CA 

. Wet a certificate and use *ts associate:] private key 

Select this option >f you have ar existing certificate on this computer or if you wart to import a certificate and use its atsooatea prrvote key 
• • Select an existing private key on this computer 

Select this option if you have retained private keys from a previous entallabon or want to use a pit. ate key from an alternate source. 


More about Private Key 


< previous [ Vevt > \ Cancel 


Select SHAl->click Next 



m 

AO CS ConfigiiMtion 

-| ff | | 


ESTIMATION SERVER 

Cryptography for CA SYSIjnicvosoft.com 


Cre6«ma s 
Rote Services 

S*:_0 Type 

CA Type 
Pnvate tty 


OyF'cgrap^y 


CA Name 
Yaldity Period 
Certificate Database 
Ccnfirr-^don 


Specify the cryptographic options 


Select a cryptog rsphic prov oen 
RS A OMicrpsoft Software Key Storage Provider 


Key length 

v -m 


Seect the tash algorithm far sgr ng certificates isued by this CA 


SHA256 

SHA3S4 

5HA512 

SHAT 

MD5 

MlM 

MO? 


[ 1 Alow acinr strata' nteracbon when the pnvate key ts accessed by the CA 


More about Cryptography 


C previous | Next > j C -figtae 
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21. Click Next 


AO CS Configuiaticxi 


CA Name 

crecerws 
Rote Services 
set-d type 
CA Type 
Prvat* Key 

Cryptography 

validity Period 
Cert flea :e Database 
CcHin-^ipn 


- Iff 


DC ST IN AT ION SCRVER 
SYSl4niaosoft.com 


Specify the name of the CA 


T ype a common name to identify th» certification authority [CA). This name is added to all certificates issued by the CA. Dat»ngi»vhcd name suffu 
values arc automabtaity generated but can be modified. 

Common name for this CA 
mitrosoilSVSICA 

Dittaigui shed name suffix: 

CXeimcfosoftOCecom 

of d«T'rv)U'5he^ n»«f: 

CNr mierosoft-SVSl -CA.DC r mieroseft,OC r rorr 


More about CA Name 


< p. 


Previous I Next > 


Configure 


Click Next 



m 

AO CS Configuration 

L=1*M 


22 . 


Validity Period 

CfiCfinuis 
Role Services 
S«-p Type 
CAType 
Private Key 
Cryptography 
CA Name 


Validity Period 


Certificate Catabase 
Ccrfin-ation 


DESTINATION SERVER 
SYSl4nroosoft.com 


Specify the validity period 

Select the v* dity pervod for the cert-hcate generated for this terufreabon authority (CA; 


CA exp 'abort Dels. 7/29/2020 122500 PM 

’hevafcdity pe'«d corf*g«rec for ths CA certificate should exceed the valid ity period for the certificates t * 1 -s sue 


More about Validity Period 


r^T| rre„. j Cm 
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23. Click Next 



AD CS Con figuration 


CA Database 


C'MGT^a-S 
Rote Services 
s*t_o Type 
CA Type 
Prvare tty 
Cryptograph 
CA Name 
validity Fbriod 


CerSflcjtc* Database 


Confirmation 


Specify the database locations 

C«rt>fcatc database location: 

C:\W1 «dowis\SY^em32>C«»tLo^ 

Certificate database log location 

C:\Wi noows *system£2VCertLag 


- Iff 


DC ST NATION SERVER 
SYSlanici osoft.com 


More about CA Database 


24. Click Configure 


< P rt 


Configure 


AD CS ConfiguMiioii 


I I — 


Confirmation 


DESTINATION SERVER 
SYS I .microsoft. com 


C'SCeTDaS 
Role Services 
set_o Type 
CA Type 
Prvsrs Kay 
Cryptography 
CA Nam* 

Validity Period 
Cer-'icate Database 


Cunffirjrjon 


To coefgure the fol owing roles rc ie serv ices or features click Confgure 

A Active Directory Certificate Services 


C«i tifkatton Authutity 

CAType 

Cryptographic provider 
Hash ftlyinthm: 

Kc> Length: 

Allow AdmirvstratOf Interaction: 

Crrtificotr Validity Pfhod 
Distinguished Name 
CertiScate Database Location. 

CeitiNcate Database Log Locator 

Cert ift ration Authority Web Enrollment 
Online Responder 


Enterprise Root 

RSAfMicratofl Software Key Storage Provider 

SMA1 

2046 

Disabled 

7/29/2020 1225:00 RM 

CNriwicrosoft SYS 1 -CA DC-m^roso<t,DC=coin 
CAWjndowi'itystemJ2\CcitLc9 

C.^Wmdows\system32'\CertL.og 


< Previous Next > | Configure | Cancei 
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ZOOM 


TECH NOLOGIE! 


25. Click Close 


Results 


AD CS Configuration 



DC ST (NATION SERVER 
SYSlomcioioft.com 


The following roes rcie ie r .icei of features were configured: 

* Active Directory Certificate Services 

Certtfi ration Author fry Q Configuration turrrrdrd 

Mure about CA Configuration 

Cert it i cation Authority Web Enrollment © Configuration succeeded 

More about »Veb Enre. imenr Con fij.'won 

Online Responder ^ Configuration sue reeded 

More about CXSP Configuration 


Results 


< Previo-^e > j Close | Can ref 


26. Click No 


27. Click Start^click Certification Authority 


Start 


Administrator ^ 


k 

Server Manager 

w 

Windows 

PowerShell 

tm 

AnrrinistraTive 

Ieoh 

Group Pofccy 
Management 

r 

Active Directory 
Module for— 

Q 

Computer 

Ta*k Marvirjer 


% 

ADSI £<*t 

a 

Arthr Deertory 
Domains and- 

m 

Control Panel 

0 

Intern* ^ t «pi»r< 

Artn-e Directory 
Users and-. 

A 

Act we Directory 
Administrative.- 

Desktop 



if 

Actnre Directory 

Sites and- 

t 

jL 

DNS 


Certification 

Authority 


V 


Online 
Re ponder... 


% 


Internet 
Infer -nation.. 
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ZOOM 


TECH NOLOGIES. 



28. Expand Domain (Ex:Microsoft-SYSl-CA)->right click on Certificate Templates->click Manage 


m 

certsrv (Certification Authority (LocatJVmcrosoft SYS1 CA\Certihcate Templates) 

-1*1 * 1 

File Action View Help 



•> * it 




& Certification Authority (Local) 
-•3 microsoft-SYSl-CA 
JA Revoked Certificates 
-3 Issued Certificates 
■ Pending Requests 
Failed Requests 
_ Certificate Templates 
Manage 

New 
View 
Refresh 
Export List _ 

Help 


Name 

3 Directory Email Replication 
.3 Domain Controller Authentic-. 
3 Kerberos Authentication 
3 EFS Recovery Agent 
3 Basic EES 
3 Domain Controller 
3 Web Server 
3 Computer 
3 User 

3 SuborOinate Certification Aut_. 
3 Administrator 


Intended Purpose 
Directory Service Email Replica- 
Client Authentication. Server Au... 
Client Authentication Server An- 
nie Recovery 
Encrypting file System 
Client Authentication. Server Au... 
Server Authentication 
Client Authentication. Server Au._ 
Encrypting File System, Secure _ 
<AII> 

Microsoft Trust List Signing, tnc. 


Starts Certificate Templates snap in 


29. Right click on User^click Duplicate Template 

Certificate Templates Console 


bd-J 


File Action View Help 

* * -r! . « li 

3 Certificate Templates (SY: 


> i 


Template DisplayTuame Schema Version 

3 Directory Email Replication 2 

3 Domain Controller 1 

3 Domain Controller Authentication 2 
3 EFS Recovery Agent 
3 Enrollment Agent 
3 Enrollment Agent (Computer! 

3 Exchange Enrollment Agent (Oftl 
3 Exchange Signature Only 
3 Exchange User 
3 IPSec 

3 IPSec (Offline request) 

3 Kerberos Authentication 2 

3 Key Recovery Agent 2 

3 OCSP Response Signing 3 

3 RAS and IAS Server 2 

3 Root Certification Authority 
3 Router (Offline request) 

3 Smartcard logon 
3 Smartcard User 
3 Subordinate Certification Author. 

3 Trust List Signing 


Intended Purposes 
Directory Service Email 

Gient Authentication, Sr 


■ 

s 

Duplicate Template 


< 

All Tasks 

I 

B 

Properties 

Help 






Vers.. 

1150 

4.1 
110.0 

6.1 

4.1 

5.1 

4.1 

6.1 

7.1 

ai 

7.1 

1100 
1050 
101.0 
1010 
SI 

4.1 

6.1 
11.1 

5.1 

3.1 

m 

4.1 
4.1 

1010 Client Authentication 


Client Authentication. S< 
Key Recovery Agent 
OCSP Signing 
Client Authentication, S 


Actions 

Certificate Templates .. * 

More Actions 1 

User 


More Actions 


Using this template as a base, creates a template that supports Windows Server 2003 Enterprise CAs 
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TECH NOLOGIE! 


30. Click General^Enter template display name (Ex: User Certificate) ^check the box Do not 
automatically reenroll if a duplicate certificate exists in Active Directory. 



31. Click Request Handling->Expand Purpose->Select Signature and Encryption 
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ZOOM 


TECHNOLOGIES^ 


32. Click Cryptography^check the box Microsoft Enhanced Cryptographic Provider v 1.0, 
Microsoft Enhanced RSA and AES Cryptographic Provider & Microsoft RSA SChannel 
Cryptographic Provider 



33. Click Subject Name->check the box Email Name 
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ZOOM 


.TECHNOLOGIES. 


34. Click Security^select Domain Users^check the box Read, Enroll & Autoenroll->click 


Apply^click Ok 



35. Right click on Certificate Templates->click New->click Certificate Template to Issue 


certsiv (Certification Authority (locaOVntcrosoft SYS1 -CA\Ceitihcate Templates) 


File Action View Help 

* +1 a| £ l*| b 

i»‘ Certification Authority (Local) 
tu microsoft-SYSI-CA 
X Revoked Certificates 
£j Issued Certificates 
3 Pending Requests 
'^Failed Requests 
. Certificate Templates 


Name 

3 Directory Email Replication 
D Domain Controller Authentic.. 
3 Kerberos Authentication 
3 EFS Recovery Agent 
3 Basic EES 
3 Domain Controller 


New » 1 

Certificate Template to Issue 

View ► 

j 3 User 

Refresh 

3 Subordinate Certification Aut.. 

Export List.. 

3 Administrator 

Help 



Intended Purpose 

Directory Service Entail Replica 

Client Authentication. Server Au... 

Client Authentication Server Au... 

File Recovery 

Encrypting file System 

Client Authentication. Server Au.. 

r ,• Authentication 

Authentication Server Au... 
Encrypting File System, Secure ... 
<AII> 

Microsoft Trust List Signing, Enc. 


Enable additional Certificate Templates on this Certification Authority 
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36. Select User Certificate->click Ok 


37. 


c 


Enable Certificate Templates 




Select one Certificate Template to enable on this Certification Authority 

Note: If a certificate template that was recently created does not appear on this list, you may need to wait until 
information about this template has been replicated to all domain controllers. 

Al of the certificate templates in the organization may not be available to yourCA. 

Far more information, see Certificate Template Concepts. 


Name 

Intended Purpose 

A 

I? Key Recovery Agent 

HI OCSP Response Signing 

15 RAS and IAS Server 

ID Router (Offline request) 

15 Smartcard Logon 
"^1 Smartcard User 

15 Trust List Signing 

Key Recovery Agent 

OCSP Signing 

Client Authentication. Server Authentication 

□ent Authentication 

Client Authentication. Smart Card Logon 

Secure Email. Client Authentication. Smart Card Logon 
Microsoft Trust List Signing 


1 2j User Certificate 

CSent Authentication, Secure Email. Encrypting File System 1 

= 

1 User Signature Only 

Secure Email, dent Authentication 


15 Workstation Authentication 

□ent .Authentication 

V 


OK 


Cancel 


Go to Group Policy->expand Forest^expand Domains->right click on Domain Name 
(Ex:Microsoft.com)^create a GPO (Ex:User Certificate)-^ right click on GPO (Ex:User 
Certificate)^click Edit 


Group Policy Management 


-| fl 


File Action View Window Help 

4* <♦ *)|iS] X <■> U *?f 

m Group Policy Management 
•< Forest microsoft.com 
j is Domains 

A y j microsoft.com 

»’ Default Domain Policy 
User Certificate 


□it. 


User Certificate 

5coo* Trtali | Seu-ga 

links 

Fnpa, n*i r ths teraro** 


fnlcv»r'g asr-ara and OU* are r-lcec to the GPO 

I ijcaaor 


v Al \ 

Edit- 


Enforced 

v ^ M L ,r >k Enabled 

► 3 

Save Report.. 

v » Sites 

View 

rS Grout 

New Window from Here 

Jv Grout 

Delete 


Rename 


Refresh 


le p 


Deferred Lrk tretied 

Nd Ye* 


Pith 

TicrDscrtl con 


ha GPO can arty apoy to the folownc gmupa uie-i. arse computers - 


t. Lbe* 


DC 


W Ml Fit on no 

Thte GPO * Weed to Ihe f al<xu<-g £MI ^«er 


Qpv 


Open the GPO editor 
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ZOOM 


TECH NOLOGIE! 


38. Expand User Configuration->expand Policies->expand Windows Settings->expand Security 
Settings^select Public Key Policies^right click on Certificate Services Client-Auto 
Enrollment^click Properties 


File Action View Help 

*sffri] I'd U IE 

User Certificate [SVSI.MICROSOFT.c 
* t? Computer Configuration 
i- ifi Policies 
I- 03 Preferences 
•* A User Configuration 
* U’i Policies 

v _ Software Settings 
* _ Windows Settings 

Scripts (Logon/Logoff) 
. ij Security Settings 
•* i Public Key Policies 
' ) Enterprise Trust 
ft Trustee People 
t Software Restriction 
i- _J Folder Redirection 
i Policy-based QoS 
I- 13 Administrative Templates: 
F ' Preferences 


Group Policy Management Edita 


Object Type 
^Enterprise Trust 
Tl Trusted People 

•^Certificate Services Client - Certificate Enrollment Policy 
-» Certificate Services Client - Credential Roaming 


Certificate Services Client Auto Fnrollmonl 


Properties 

Help 


Opens the properties dialog box for the current selection. 


39. Expand Configuration Model->click Enabled->check the box Renew expired 
certificates->check the box Update certificates that use certificate templates->click 
Apply->click Ok 


Certificate Services Client - Auto-Enrollment Pro.. 


Enrollment Policy Configuration 


Enroll user and computer certificates automatically 


Configuration Model: 


Enabled 


@ Renew expired certificates, update pending certificates, and remove 

revoked certificates 


fyj Update certificates that use certificate templates 


Log expiry events and show expiry notifications when the percentage of 

remaining certificate lifetime is 



% 


Additional stores. Use V to separate multiple stores. For example; 

'Storel, Store2, Store3' 


□ Display user notifications for expiring certificates in user and machine 

MV store 


Learn more about Automatic certificate management 



Apply 
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ZOOM 


TECH NOLOGIE! 


40. Open Command Prompt->type gpupdate 



41. In Command Prompt->type certutil -pulse 
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Verification: 



ZOOM 


TECH N OLOG IE! 


1. Logon to Member Server as User (EX:Userl) 


R 

userl 

(3 

Compute! 

* 

Netwotk 

u 

Recycle 

Bin 



Control 

Panel 


Windows Server 2012 


2 . 


Go to MMCConsole 


A p p S Results for "mmc ' 

Search 

Apps 



1 ~irr: 


F* mmc 

Ip Apps 

1 


Settings. 

0 


Hies 

0 


jgjjr, Internet Exp lot et 
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3. Click File->click Add/Remove Snap 


4. 




Consolel [Console Root] 

- | fl J x | 

m File 

Action View Favorites Window Help 




New 

Ctrl-rN 

Open.. 

Ctrl«0 

Save 

Ctri+S 

Save As.. 


Add/Remove Snap in.. 

CtrUM 

Options.. 


Recent File 


Exit 



There are no hems to 'how in this view. 


Actions 


Console Root 

*| 


More Actions ► 


Enables you to add snap-ins to or remove them front the snap-in console 


Select Certificates -> select Certificates-CurrentUser->click Ok 
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5. Expand Certificates->expand Personal->select Certificates & verify the certificate issued to 
Userl 


A Console! 

IConsole RootVCertifrcates Current User\Personal\Certilicales| 

-1° 1 * | 

A File Action View Favorites Window Help 


«•* *m x b , x i *| bib 

Is Console Root 

Issued to Issued By Expiration., intended Purposes 

Actions 


i i*P Certificates Current User 
a & Personal 

; Certificates 

I' ■) Trusted Root Certification Authorities 
t* 

v 

v 

I* 

I* 

F 

V 

V 
F 


'.) Enterprise Trust 

-J Intermediate Certification Authorities 
Active Directory User Object 
M Trusted Publishers 
8 Untrusted Certificates 
i Third-Party Root Certification Authorities 
*1 Trusted People 
J3 Client Authentication Issuers 
■2 Certificate Enrollment Requests 
i2 Smart Card Trusted Roots 


<L 


I » 


miciosoft-SYSI CA 7/<>8/?016 Client Authentication. 


<L 


Certilicates 


More Actions ► 


user! 


- 


More Actions ► 


Personal store contains t certificate. 
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MCSE-2012 fuii Course 


MICROSOFT CERTIFIED SOLUTIONS EXPERT 


Practicals in real-time environment. Detailed curriculum with all 5 papers 
Duration: 1 Month | 4 Hrs Per Day (starts on 30* of every month) 
Batches: Morning: 8.30 to 10.30 • Afternoon: 2.00 to 4.00 • Evening: 7.30 to 9.30 


CCNA (v 2.0) Full Course 


CISCO CERTIFIED NETWORK ASSOCIATE 


Cisco Routers with BSNL/TELCO MUX & Live Channelised El 

Duration: 1 Month | 4 Hrs Per Day (starts on 30* of every month) 
Batches: Morning: 8.30 to 10.30 • Afternoon: 2.00 to 4.00 • Evening: 7.30 to 9.30 




\ 




Complete Package 
for Only 



Practicals on Live Web Administration + Integration of Windows with Linux/Unix (Samba Server) 
Duration: 2 Weeks | 4 Hrs Per Day (starts on is* &30 ,h of every month) 
Batches: Morning: 8.00 • Afternoon: 1.30 • Evening: 7.00 




I'.'iilillWIliJJiJIhAHiWIlWjWlllliltWIi: 



• Ethical Hacking, Cyber Security and Firewall • Open Source: A glimpse into advance Linux 

• VMware vSphere and MS Private Cloude • Cisco WAN Technology & Collaboration 


Fees: ? 5,900/- 

+ 14% Service Tax 

Duration: 3 Months 
4 Hrs Per Day 


Free MCSE & CCNA Exam Practice Questions 


[UAr | Ethical Hacking & 
EI1UE I Countermeasures Expert 

Course is mapped to EHCE course from US-Council (www.us-council.com) 

(Pre requisite is CCNA / MCSE / LINUX) 

Duration: 2 Weeks | 4 Hrs Per Day (starts on is 1 " & 30 th of every month) 
Batches: Morning: 7.30 or Evening: 6.00 


CCNP R&S 


rcisco CERTIFIED NETWORK PROFESSIONAL^ 


Duration: 1 Month | 4 Hrs Per Day (starts on 15 th of every month) 
Batches: Morning: 7.30 • Afternoon: 2.00 • Evening: 6.00 
• Labs on latest routers with IOS version 15.X 


Monitoring, Diagnostics & Troubleshooting Tools 

• PRTG • Wireshark • SolarWinds, etc. 


► / 


Fees: ? 9,500/- 

+ 14% Service Tax . 


1 00 % 

GUARANTEED 

JOB 


ASSISTANCE 



Exam Practice Challenge Labs 


CCIE R&S 


tcisco CERTIFIED INTERNETWORK EXPERT 


Duration: 1 Month | 4 Hrs Per Day (starts on is 1 " of every month) 
Batches: Morning: 7.30 • Evening: 6.00 

• Individual Rack For Every Student 

• Real time scenarios by 20+ years experienced CCIE certified industry expert who 
has worked on critical projects worldwide. 


Written + Lab Exam Focus 


FREE Full Scale 8 Hours Exam Lab Included 


Unlimited Lab Access For 1 Year 



Fees: ^ jBfOCG/; 
Introductory Special Offer 

Fees: ? 5,500/- 

+ 14% Service Tax 



Fees: ? 

Introductory Special Offer 

Fees: ? 9,999/- 

+ 14% Service Tax 






Duration: 2 Weeks | 4 Hrs Per Day (starts on is* & 30* 1 of every month) 
Batches: (Contact the Counselors for the next available batch) 


Duration: 2 Weeks | 4 Hrs Per Day 

Batches: (Contact the Counselors for the next available batch) 


CCNA SECURITY 


(Pre requisite is CCNA R&S) 


CISCO CERTIFIED NETWORK ASSOCIATE - SECURITY] 


Duration: 2 Weeks | 4 Hrs Per Day (starts on 15* of every month) 
Batches: Morning: 7.30 or Evening: 6.00 


CCNP SECURITY 


(Pre requisite is CCNA Security at ZOOM) 


CISCO CERTIFIED NETWORK PROFESSIONAL - SECURITY 


Duration: 2 Weeks | 4 Hrs Per Day (starts on 30* of every month) 
Batches: Morning: 7.30 or Evening: 6.00 


CCIE SECURITY 


(Pre requisite is CCNA & CCNP Security at ZOOM) 


CISCO CERTIFIED INTERNETWORK - SECURITY. 


Duration: 1 Month | 4 Hrs Per Day 

Batches: (Contact the Counselors for the next available batch) 


Fees: ? 2,500/- 

+ 14% Service Tax 



Fees: 2,500/- 

+ 14% Service Tax 



Duration: 2 Weeks | 4 Hrs Per Day (starts on 1 5* & 30* of every month) 
Batches: (Contact the Counselors for the next available batch) 


Fees: ? 2,500/- 

+ 14% Service Tax 


Fees: ^ 7,500/- 

+ 14% Service Tax 


Fees: ^ 9,500/- 

+ 14% Service Tax 


Fees:^1 5,500/- 

+ 14% Service Tax 


VMware vSphere (Pre requisite is MCSE) 

Duration: 1 Month | 4 Hrs Per Day (starts on 1 5* of every month) 
Batches: Morning: 7.30 and Evening: 7.30 


Fees: ? 4,950/- 

+ 14% Service Tax 


VMware vCloud (Pre requisite is VMware vSphere) 

Duration: 1 Week | 4 Hrs Per Day (starts on 1 5* of every month) 


Batches: Morning: 9.30 to 11.30 


■diiJd'iJiiiniJhnHHT 


Duration: 2 Weeks | 4 Hrs Per Day 

Batches: (Contact the Counselors for the next available batch) 



Fees: ? 2,500/- 

+ 14% Service Tax 


Fees: ^ 5,500/- 

+ 14% Service Tax 


We also offer the following courses (Contact the Counselors for the next available batch) 

► CCNA Voice @ ^7,500/- ► CCNA Data Center @ ^7,500/- 

► CCNP Voice @ ?9,500/- ► CCNP Data Center 

► CCIE Collaboration @ 5,500/- ► CCIE Data Center 

► IPv6 Migration @ ^5,500/- 


?9,500/- 

5,500/- 


FACULTY 


► All Senior Engineers of Zoom working on Live projects 

* Training Engineers of British Army, CISCO, CMC, GE, BSNL, Tata Teleservices and 
Several Corporates etc for 18 Years. 


www.zoomgroup.com 
















FREE Training 


Zoom Technologies offers a number of free resources for the professional development of network 
engineers. 

Register on our website to get access to the video recordings of live sessions on: 

■ MCSE - Windows Server 201 2 

■ Cisco - CCNA "1 

■ Cisco -CCNP r All Tracks (R & S, Security and Voice) 

■ Cisco -CCIE J 

■ Exchange Server 2013 



- Ethical Hacking and Countermeasure Expert (www.us-council.com) 

Find us at: www.zoomgroup.com 

Like us on Facebook and get access to free online webinars as well as special offers and discounts. 

https://www.facebook.com/ZoomTechnolgies 


Online Training 


Online Training at Zoom is a cost effective method of learning new networking skills from the 
convenience of your home or workplace. 

Taking an online training course has many advantages for everyone (Freshers / Working Professionals). 
Zoom offers online training for the highly coveted CCNA, CCNP and CCIE courses as well as MCSE, 
Linux, VMware, Ethical Hacking and Firewalls, IPv6 with more courses planned for the near future. 
These are live instructor led courses, using Cisco WebEX. Check out our online course offerings at: 

http://zoomgroup.com/online_course 


Job Opportunities 


There is a high demand for network and security professionals at all times. Apart from job opportunities 
in India and the Middle East, network and security administrators are also sought-after in the US and 
Europe. 

If you do not have the right skills, then get them now! Choose the experts in network and security 
training, an organization which has already trained over one hundred thousand engineers. 

For the latest job openings in networking and security, register and upload your resume on: 
http://zoomgroup.com/careers or visit zoom to choose job offering from several multinational 
companies. 


0 


ABOUT US 


ZOOM Technologies India Pvt. Ltd. is a pioneering leader in network and security train- 
ing, having trained over a hundred thousand engineers over the last two decades. 

We offer a world class learning environment, with state-of-the-art labs which are fully 
equipped with high-end routers, firewalls, servers and switches. All our courses are 
hands-on so you'll get much needed practical experience. 

The difference between us and the competition can be summed up in one simple sen- 
tence. Our instructors are real-time network professionals who also teach. 

Zoom has designed, developed and provided network and security solutions as well as 
training to all the big names in the Indian industry, for the public sector as well as corpo- 
rate leaders. Some of our clients are: 

TATA 

BSNL 

VSNL 

Indian Railways 
National Police Academy 
Air Force Academy 
IPCL- Reliance Corporation 
CMC 

British Army 

No other training institute can boast of a customer base like this. This is the reason for 
the resounding success of our networking courses. If you do not have the right skills, then 
get them now. Come, join the experts! 


Training Centers in Hyderabad, India. 


Banjara Hills 

Ameerpet 

Secunderabad 

Dilsukhnagar 

HDFC Bank Building, 2nd Floor, 

# 203, 2nd Floor, 

Navketan Building, 

1st Floor, # 1 6-1 1 -477/B/1 &B/2, 

Road #12, Banjara Hills, 

HUDA Maitrivanam, Ameerpet, 

5 Floor, # 501 

Shlivahana Nagar, Dilsukhnagar, 

Hyderabad - 500 034 

Hyderabad -500 016 

Secunderabad - 500 003 

Hyderabad - 500 060 

Telangana, 

Telangana, 

Telangana, 

Telangana, 

India. 

India. 

India. 

India. 

Phone: +91 40 23394150 

Phone: +91 40 39185252 

Phone: +91 40 27802461 

Phone: +91-40-24140011 

Email: banjara@zoomgroup.com 

Email: ameerpet@zoomgroup.com 

Email: mktg@zoomgroup.com 

Email: dsnr@zoomgroup.com 


website: www.zoomgroup.com 


